Blind Eagle Hacking Group Targets South America With New Tools

January 6, 2023

Ongoing hacking campaigns orchestrated by the threat actor group Blind Eagle (also known as APT-C-36) have been spotted targeting individuals across South America.

Security researchers from Check Point Research (CPR) unveiled the findings in a new advisory published on Thursday, describing a novel infection chain involving an advanced toolset.

“For the last few months, we have been observing the ongoing campaigns orchestrated by Blind Eagle, which have mostly adhered to the [tactics, techniques and procedures] TTPs described above — phishing emails pretending to be from the Colombian government,” the team wrote.

“One common example is an email purportedly from the Ministry of Foreign Affairs, threatening the recipient with problems when leaving the country unless they settle a bureaucratic matter.”

According to CPR, the malicious email included a link and a PDF file directing the unfortunate victim to the same link.

When the link is clicked, the incoming HTTP request is analyzed to check whether it originates from outside Colombia.

If it does, the server aborts the infection chain and redirects the client to the legitimate website of the migration department of the Colombian Ministry of Foreign Affairs. If the incoming request comes from Colombia, however, the infection chain proceeds as planned.

“The server responds to the client with a file for download. This is a malware executable hosted on the file-sharing service MediaFire,” CPR explained.

“The file is compressed, similar to a ZIP file, using the LHA algorithm. It is password-protected, making it impervious to naive static analysis and even naive sandbox emulation. The password is found both in the email and in the attached PDF.”

The executable inside the archive is a modified sample of QuasarRAT featuring several new capabilities, including functions to activate and deactivate the system proxy.

A different variant was spotted by CPR targeting Ecuador and impersonating the Ecuadorian Internal Revenue Service.

“This latest campaign targeting Ecuador highlights how, over the last few years, Blind Eagle has matured as a threat — refining their tools, adding capabilities to leaked code bases, and experimenting with elaborate infection chains and ‘Living off the Land,’” reads the CPR advisory.

“If what we’ve seen is any indication, this group is worth keeping an eye on so that victims aren’t blindsided by whatever clever thing they try next.”

The advisory comes months after Colombian healthcare provider Keralty reported a ransomware attack in December 2022.


Some parts of this article are sourced from:
www.infosecurity-journal.com
