Tuesday, April 16, 2024

Blind Eagle Hacker Group Launching Indiscriminate Attacks Using Powerful Toolset

Researchers report that an organized threat actor known as Blind Eagle (tracked as APT-C-36) has resurfaced with a refined toolset and one of the most elaborate infection chains yet seen in cyberattacks targeting Colombian and Ecuadorian organizations.

Blind Eagle is a Spanish-speaking hacker group, and researchers at Check Point recently uncovered the group’s latest:-

  • Tactics and techniques
  • Powerful Tools
  • Government-themed lures

Blind Eagle has been active since 2018, attacking South American nations indiscriminately within a narrow geographical focus. In September 2021, Trend Micro published a report documenting the group’s activities.

Banks Targeted With Campaigns

BitRAT malware is being distributed via spear-phishing campaigns primarily targeting Colombian entities, with a lesser focus on targets in the following countries:-

  • Ecuador
  • Spain
  • Panama

Below is a list of some of the banks that are targeted:-

  • Banco AV Villas
  • Banco Caja Social
  • Banco de Bogotá
  • Banco Popular
  • Bancoomeva
  • BBVA
  • Colpatria
  • Davivienda
  • TransUnion

Figure: Memory Meterpreter

Attack sequences are aborted if the email recipient is located outside Colombia; in that case the victim is redirected to Migración Colombia’s official website.

A campaign impersonating the Ecuadorian Internal Revenue Service (SRI) has targeted Colombia and Ecuador in a similar way. It uses the same geoblocking technique to filter out requests originating from countries other than the one being targeted.

Rather than simply dropping a RAT, this attack employs a much more complex multi-stage process that abuses the legitimate mshta.exe binary to execute VBScript embedded inside an HTML file, which in turn downloads two Python scripts.

The two Python scripts are listed below:-

  • ByAV2.py
  • mp.py
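The mshta.exe-to-Python chain described above is something defenders can hunt for in process-creation telemetry. The following is an added example, not code from this article or from Check Point’s research: it flags mshta.exe launched by a mail or Office client, mshta.exe executing HTML/HTA content from a user-writable path or a URL, and script interpreters spawned by mshta.exe, and it reconstructs the parent chain for an analyst. The log events are constructed to resemble Sysmon process-creation fields; the field names, file paths, process IDs and file names are assumptions.

```python
"""Hunt for the mshta.exe -> embedded VBScript -> Python chain in process telemetry.

Added example (not the article's or Check Point's code). Events are constructed
to look like Sysmon Event ID 1 (process creation); field names are assumptions.
"""
import re

# Constructed sample events, not real telemetry. The first three form the
# chain described in the article: mail client -> mshta.exe -> python.exe.
SAMPLE_EVENTS = [
    {"ts": "2024-04-16T10:00:01", "pid": 4100, "ppid": 3000,
     "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"ts": "2024-04-16T10:00:05", "pid": 4212, "ppid": 4100,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\victim\AppData\Local\Temp\notificacion.html"'},
    {"ts": "2024-04-16T10:00:09", "pid": 4330, "ppid": 4212,
     "image": r"C:\Users\victim\AppData\Local\Temp\python\python.exe",
     "cmdline": r'python.exe "C:\Users\victim\AppData\Local\Temp\mp.py"'},
    # Benign-looking local HTA launched by an unrelated parent (not flagged).
    {"ts": "2024-04-16T10:01:00", "pid": 5001, "ppid": 1200,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Program Files\Vendor\setup.hta"},
    # Benign developer Python run (not flagged).
    {"ts": "2024-04-16T10:02:00", "pid": 5100, "ppid": 1300,
     "image": r"C:\Python311\python.exe", "cmdline": "python.exe build.py"},
]

# Parents that should rarely, if ever, launch an HTML application host.
MAIL_AND_OFFICE = ("outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe")
# Interpreters that mshta.exe has no business spawning on a workstation.
SCRIPT_HOSTS = ("python.exe", "pythonw.exe", "powershell.exe", "cmd.exe",
                "wscript.exe", "cscript.exe")
# HTML/HTA content pulled from a URL or from a user-writable directory.
SUSPICIOUS_ARG = re.compile(
    r"(https?://|\\(AppData|Temp|Downloads)\\.*\.(html?|hta))", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_mshta_chain(events):
    """Return (pid, reason) findings for suspicious mshta.exe activity."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        parent_name = basename(parent["image"]) if parent else ""
        if name == "mshta.exe":
            if parent_name in MAIL_AND_OFFICE:
                findings.append((e["pid"], "mshta.exe spawned by mail/Office client"))
            if SUSPICIOUS_ARG.search(e["cmdline"]):
                findings.append((e["pid"], "mshta.exe executing HTML/HTA from "
                                           "user-writable path or URL"))
        elif name in SCRIPT_HOSTS and parent_name == "mshta.exe":
            findings.append((e["pid"], f"{name} spawned by mshta.exe"))
    return findings


def process_chain(events, pid):
    """Walk ppid links upward and return the ancestry as image names, root first."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


if __name__ == "__main__":
    for pid, reason in detect_mshta_chain(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason}; chain = {' -> '.join(process_chain(SAMPLE_EVENTS, pid))}")
```

The two mshta.exe checks are independent so that a local HTA launched by a mail client is still flagged even when its path looks ordinary, and the parent walk stops on missing or cyclic ppid links, which are common in partial log exports.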

Blind Eagle is a strange breed of APT group when it comes to its attacks. Based on its toolset and routine operations, the group seems more interested in cybercrime and monetary gain than in espionage.

Guru baran, https://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
