2023-03-07

'Blind Eagle' Sets Sights on Latin American Organizations

Category: Threat Actor Activity | Industries: Financial Services, Government, Healthcare, Law Enforcement, Legal | Level: Tactical | Source: BlackBerry

Blind Eagle (aka APT-C-36), a cyber espionage group from South America active since 2018, has recently been observed targeting entities based in Latin America, specifically Colombia and Ecuador. The group's primary targets have been financial and governmental organizations. BlackBerry’s Research & Intelligence Team reports that Blind Eagle operators recently “impersonated a Colombian government tax agency to target key industries in Colombia, including health, financial, law enforcement, immigration, and an agency in charge of peace negotiation in the country.” Blind Eagle was observed distributing phishing emails posing as invoices and carrying a malicious PDF document, which leads to the download of a remote access trojan (RAT) such as AsyncRAT, njRAT, QuasarRAT, LimeRAT, or RemcosRAT. The group's motives are yet to be fully determined: BlackBerry researchers assess the group's objective to be associated with “information theft and espionage,” whereas Check Point's report in January 2023 points to monetary gain as the primary objective over espionage.

Anvilogic Scenario:

  • Malicious File Delivering Malware

Anvilogic Use Cases:

  • Malicious Document Execution
  • New AutoRun Registry Key
  • Executable Process from Suspicious Folder
