CostaRicto is a apt_group tracked across 2 threat clusters and 2 intelligence report mentions on ThreatCluster. First observed April 22, 2026; most recent activity June 3, 2026.
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive…