
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

April 19, 2023

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems.

“The group is recognized for utilizing a range of complex attack strategies, including tailor-made malware, social engineering tactics, and spear-phishing attacks,” ThreatMon said in a Tuesday report.

Blind Eagle, also referred to as APT-C-36, is a suspected Spanish-speaking group that chiefly strikes private and public sector entities in Colombia. Attacks orchestrated by the group have also targeted Ecuador, Chile, and Spain.


Infection chains documented by Check Point and BlackBerry this year have revealed the use of spear-phishing lures to deliver commodity malware families like BitRAT and AsyncRAT, as well as in-memory Python loaders capable of launching a Meterpreter payload.

The latest discovery from ThreatMon entails the use of a JavaScript downloader to execute a PowerShell script hosted on the Discord CDN. The script, in turn, drops another PowerShell script and a Windows batch file, and saves a VBScript file in the Windows startup folder to achieve persistence.


The VBScript code is then run to launch the batch file, which is subsequently deobfuscated to run the PowerShell script that was previously delivered alongside it. In the final stage, the PowerShell script is used to execute njRAT.

“njRAT, also known as Bladabindi, is a remote access tool (RAT) with user interface or trojan which allows the holder of the software to control the end-user’s computer,” the cybersecurity company explained.
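A detection example for the chain described above, added here and not taken from ThreatMon or the original article: it matches endpoint events against the four observable stages (script host launching PowerShell with a Discord CDN URL, a script written to the Startup folder, the script host launching a batch file, the batch file launching PowerShell). The event schema, host names, file names and the assumption that the JavaScript and VBScript run under wscript.exe or cscript.exe are illustrative.

```python
import re
from collections import defaultdict

# Assumed, simplified event schema (hypothetical field names); map your EDR/Sysmon fields onto it.
STARTUP = re.compile(r"\\start menu\\programs\\startup\\[^\\]+\.(vbs|vbe|js|bat)$", re.I)
DISCORD = re.compile(r"https?://cdn\.discordapp\.com/", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: default Windows script hosts

# Constructed sample events; paths, names and command lines are placeholders, not report data.
EVENTS = [
    {"host": "pc-01", "type": "process", "parent": "wscript.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -Command <fetch https://cdn.discordapp.com/attachments/PLACEHOLDER/s.ps1>"},
    {"host": "pc-01", "type": "file_create",
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"},
    {"host": "pc-01", "type": "process", "parent": "wscript.exe", "image": "cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Public\x.bat"},
    {"host": "pc-01", "type": "process", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\Public\x.ps1"},
    {"host": "pc-02", "type": "process", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"host": "pc-02", "type": "file_create", "path": r"C:\Users\u\Documents\notes.vbs"},
]

def stage(ev):
    """Return the name of the chain stage an event matches, or None."""
    image, parent = ev.get("image", "").lower(), ev.get("parent", "").lower()
    cmd = ev.get("cmdline", "")
    if ev["type"] == "file_create" and STARTUP.search(ev.get("path", "")):
        return "startup_script_written"
    if ev["type"] != "process":
        return None
    if image == "powershell.exe" and parent in SCRIPT_HOSTS and DISCORD.search(cmd):
        return "script_host_ps_discord"
    if image == "cmd.exe" and parent in SCRIPT_HOSTS and re.search(r"\.(bat|cmd)\b", cmd, re.I):
        return "script_host_runs_batch"
    if image == "powershell.exe" and parent == "cmd.exe" and re.search(r"\.ps1\b", cmd, re.I):
        return "batch_runs_powershell"
    return None

def triage(events, threshold=3):
    """Collect distinct stages per host; return hosts that show at least `threshold` of them."""
    seen = defaultdict(list)
    for ev in events:
        s = stage(ev)
        if s and s not in seen[ev["host"]]:
            seen[ev["host"]].append(s)
    return {h: s for h, s in seen.items() if len(s) >= threshold}
```

Each stage on its own also occurs in legitimate administration, which is why `triage` only flags a host once several distinct stages appear together.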



Some pieces of this article are sourced from:
thehackernews.com
