CostaRicto — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
2
occurrences
First Seen
April 22, 2026
Last Seen
June 3, 2026

CostaRicto is a apt_group tracked across 2 threat clusters and 2 intelligence report mentions on ThreatCluster. First observed April 22, 2026; most recent activity June 3, 2026.

Related Threat Clusters

  • Exploitation of Remote Services in Cyber Attacks

    Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…

    2 articles · Updated June 3, 2026
  • Cyber Adversaries Exploit File Enumeration and Data Collection Techniques

    Recent reports detail the tactics employed by various cyber adversaries to enumerate files and directories on compromised systems. Adversaries utilize command shell utilities and custom tools to gather sensitive…

    2 articles · Updated April 22, 2026

Recent Intelligence Reports

  • External Remote Services — attack.mitre.org · June 3, 2026
  • T1005 — attack.mitre.org · April 22, 2026

CVSS v3.1 Breakdown