Blind Eagle Linked to Russian Host Proton66 in Latin America Attacks

Blind Eagle hackers linked to Russian host Proton66 to target banks in Latin America using phishing and RATs. Trustwave urges stronger security...

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading t...

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan RAT referred to as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonating the...

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions,...

PT-2024-7974

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the November 2024 security updates Description This is a spoofing issue in the New Technology LAN Manager NTLM protocol that allows attackers to steal NTLMv2 hashes with minimal user interaction. The...

Ande Loader Malware Targets Manufacturing Sector in North America

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans RATs like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North...

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow...

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow...

Blind Eagle Hackers resurfaced with a formidable infection chain

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Blind Eagle is a financially motivated threat group that has been targeting individuals in numerous South American countries since at least 2018. A novel infection chain involving a more complex toolkit w...

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs

We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American entities...