A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.

Check Point’s latest research offers new insights into the Spanish-speaking group’s tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the kill chain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geographical focus and for launching indiscriminate attacks against South American nations since at least 2018.

Blind Eagle’s operations were documented by Trend Micro in September 2021, uncovering a spear-phishing campaign primarily aimed at Colombian entities and designed to deliver a commodity malware known as BitRAT, with a lesser focus on targets in Ecuador, Spain, and Panama.

Attack chains commence with phishing emails containing a booby-trapped link that, when clicked, leads to the deployment of an open-source trojan named Quasar RAT, with the ultimate goal of gaining access to the victim’s bank accounts.

images from Hacker News