August 20, 2024 at 02:22AM
Cybersecurity researchers have reported ongoing attacks by Blind Eagle, an adaptable threat actor targeting entities and individuals in Latin American nations. The group employs spear-phishing tactics, geographical redirection, and process injection techniques to distribute trojans like AsyncRAT and NjRAT, enabling cyber espionage and financial credential theft campaigns. Kaspersky warns of Blind Eagle’s sustained and significant threat in the region.
Key Takeaways:
1. The threat actor known as Blind Eagle, or APT-C-36, has been targeting entities and individuals in Latin American nations including Colombia, Ecuador, Chile, Panama, and others.
2. Blind Eagle targets a variety of sectors, such as governmental institutions, financial companies, and energy and oil and gas companies.
3. The group is known for using spear-phishing lures to distribute various remote access trojans, including AsyncRAT, BitRAT, Lime RAT, NjRAT, Quasar RAT, and Remcos RAT.
4. The group sends phishing emails impersonating legitimate institutions and financial entities, and employs a malware loader called Ande Loader to propagate RATs.
5. Geographical redirection is used to prevent new malicious sites from being flagged and to thwart hunting and analysis of the attacks.
6. Blind Eagle demonstrates adaptability in its cyberattacks, switching between financially motivated attacks and espionage operations, and continually modifying its campaigns.
7. The group employs advanced techniques such as process injection and process hollowing to evade defenses.
8. Modified versions of open-source RATs are used to capture credentials for financial services and conduct cyber espionage.
9. The group’s effectiveness allows it to sustain a high level of activity, making Blind Eagle a significant threat in the region.
These takeaways highlight the sophisticated and persistent nature of the Blind Eagle threat, emphasizing the importance of robust cybersecurity measures in the targeted regions.