Blind Eagle Hacking Group Targets South America With New Tools

January 6, 2023

Ongoing hacking campaigns orchestrated by the threat actor group Blind Eagle (also known as APT-C-36) have been spotted targeting people across South America.

Security researchers from Check Point Research (CPR) revealed the findings in a new advisory published on Thursday, describing a novel infection chain involving an advanced toolset.

“For the last few months, we have been observing the ongoing campaigns orchestrated by Blind Eagle, which have mostly adhered to the [tactics, techniques and procedures] TTPs described above — phishing emails pretending to be from the Colombian government,” the team wrote.


“One common example is an email purportedly from the Ministry of Foreign Affairs, threatening the recipient with problems when leaving the country unless they settle a bureaucratic matter.”

According to CPR, the malicious emails included a link and a PDF file directing the unfortunate victim to the same link.

When the link is clicked, the incoming HTTP request is analyzed to check whether it originates from outside Colombia.

If it does, the server aborts the infection chain and redirects the client to the legitimate website of the migration office of the Colombian Ministry of Foreign Affairs. If the incoming request comes from Colombia, however, the infection chain proceeds as planned.

“The server responds to the client with a file for download. This is a malware executable hosted on the file-sharing service MediaFire,” CPR explained.

“The file is compressed, similar to a ZIP file, using the LHA algorithm. It is password-protected, making it impervious to naive static analysis and even naive sandbox emulation. The password is found both in the email and in the attached PDF.”
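As an added example (not code from CPR or from this article), the following Python triage routine recognises an LHA/LZH archive by its header magic regardless of the extension it was served under, and pairs it with a password recovered from the lure text so the archive can be unpacked for analysis instead of being skipped by a static scanner. The heuristics, pattern names and sample bytes are constructed for illustration.

```python
import re
from typing import Optional

# Every LHA/LZH header (levels 0, 1 and 2) carries a method id such as
# "-lh5-" at byte offset 2, so the magic works whatever the name claims.
LHA_METHOD = re.compile(rb"^.{2}-((?:lh|lz|pm)[0-9a-z])-", re.DOTALL)
# Constructed pattern for a password handed over in the lure (Spanish/English).
PASSWORD_HINT = re.compile(r"\b(password|contrase[ñn]a|clave)\b\s*[:=]?\s*(\S+)", re.I)


def lha_method(data: bytes) -> Optional[str]:
    """Return the LHA method id (e.g. 'lh5') if data starts with an LHA header."""
    m = LHA_METHOD.match(data)
    return m.group(1).decode() if m else None


def triage(lure_text: str, downloaded: bytes, claimed_name: str) -> dict:
    """Score a lure together with the file its link delivered (constructed rules)."""
    method = lha_method(downloaded)
    hint = PASSWORD_HINT.search(lure_text)
    findings = {
        "lha_archive": method is not None,
        "lha_method": method,
        # An LHA payload served under a non-archive name is itself suspicious.
        "extension_mismatch": method is not None
        and not claimed_name.lower().endswith((".lzh", ".lha")),
        "password_in_lure": hint is not None,
        "password": hint.group(2) if hint else None,
    }
    # A password-protected archive whose key travels in the lure is exactly the
    # case that blinds naive static analysis: escalate for unpacking with the key.
    findings["escalate"] = findings["lha_archive"] and findings["password_in_lure"]
    return findings


# Constructed samples: a minimal LHA level-0 header and a lure body.
SAMPLE_LHA = b"\x16\x00-lh5-" + b"\x00" * 20
SAMPLE_LURE = "Ministerio de Relaciones Exteriores. Contraseña: Migra2023"

if __name__ == "__main__":
    print(triage(SAMPLE_LURE, SAMPLE_LHA, "formulario.pdf"))
```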

The executable inside the archive is a modified sample of QuasarRAT featuring several new capabilities, including functions to activate and deactivate the system proxy.

Another variant was spotted by CPR targeting Ecuador and impersonating the Ecuadorian Internal Revenue Service.

“This latest campaign targeting Ecuador highlights how, over the last few years, Blind Eagle has matured as a threat — refining their tools, adding capabilities to leaked code bases, and experimenting with elaborate infection chains and ‘Living off the Land,’” reads the CPR advisory.

“If what we’ve seen is any indication, this group is worth keeping an eye on so that victims aren’t blindsided by whatever clever thing they try next.”

The advisory comes months after Colombian healthcare company Keralty reported a ransomware attack in December 2022.


Some parts of this article are sourced from:
www.infosecurity-journal.com
