Threat Management, Email security, Vulnerability Management, Breach

New tools, infection chain part of Blind Eagle comeback

Colombia- and Ecuador-based organizations are being targeted by the Spanish-speaking threat group Blind Eagle, also known as APT-C-36, which has reemerged with a strengthened toolset and infection chain, The Hacker News reports. Blind Eagle has targeted banks including Banco AV Villas, BBVA, Banco Caja Social, Banco de Bogota, Bancoomeva, Banco Popular, Colpatria, Davivienda, and TransUnion with phishing emails containing a malicious link that triggers Quasar RAT deployment, according to a Check Point report. Meanwhile, a related campaign aimed at both countries involves the impersonation of Ecuador's Internal Revenue Services to facilitate a multi-stage attack chain exploiting the mshta.exe binary to download the script that executes a Meterpreter payload, as well as the script, which is also a Meterpreter artifact. "Blind Eagle is a strange bird among APT groups. Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.