Aug 20, 2024 | Ravie Lakshmanan | Malware / Cyber Espionage
Cybersecurity researchers have uncovered a new threat actor named Blind Eagle that has been actively targeting organizations and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American countries.
The targets of these attacks include governmental institutions, financial companies, energy, and oil and gas companies.
According to a recent report by Kaspersky, Blind Eagle has shown adaptability in its cyberattacks, switching between financially motivated attacks and espionage operations.
Also known as APT-C-36, Blind Eagle has been operating since at least 2018. The group, believed to be Spanish-speaking, uses spear-phishing tactics to distribute various remote access trojans like AsyncRAT, BitRAT, Lime RAT, NjRAT, Quasar RAT, and Remcos RAT.
Recently, eSentire detailed the group’s use of a malware loader called Ande Loader to spread Remcos RAT and NjRAT.
The attacks typically start with phishing emails impersonating legitimate institutions that urge recipients to click on a link for urgent action. The emails may also contain attachments to enhance the appearance of legitimacy.
Geographical redirection is used to lead victims to malicious sites hosting droppers, ensuring the attacks evade detection and analysis.
The attackers use initial droppers and second-stage malware to execute their attacks, often employing process injection techniques to evade detection.
Blind Eagle’s modified RATs allow them to carry out espionage and financial theft campaigns effectively.
With their constantly evolving techniques, Blind Eagle poses a significant threat in the region, conducting cyber espionage and financial credential theft operations.