CyberSecurity news
FlagThis
rohann@checkpoint.com@Check Point Blog
//
Blind Eagle, one of Latin America's most dangerous cyber criminal groups, has been actively targeting Colombian institutions and government entities since November 2024. According to Check Point Research (CPR), this advanced persistent threat (APT) group, also tracked as APT-C-36, is using sophisticated techniques to bypass traditional security defenses. They leverage trusted platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute their malicious payloads, and have recently been seen using a variant of an exploit for a now-patched Microsoft Windows flaw, CVE-2024-43451. This allows them to infect victims with a high rate of success.
CPR has uncovered that Blind Eagle incorporated this exploit a mere six days after Microsoft released the patch. They use malicious .URL files distributed via phishing emails, and victims are often unaware they are triggering the infection. The final payload is often the Remcos RAT, a remote access trojan that grants attackers complete control over infected systems, allowing for data theft, remote execution, and persistent access. In one campaign in December 2024, over 1,600 victims were affected, highlighting the group's efficiency and targeted approach.
ImgSrc: blog.checkpoint
References :
CPR has uncovered that Blind Eagle incorporated this exploit a mere six days after Microsoft released the patch. They use malicious .URL files distributed via phishing emails, and victims are often unaware they are triggering the infection. The final payload is often the Remcos RAT, a remote access trojan that grants attackers complete control over infected systems, allowing for data theft, remote execution, and persistent access. In one campaign in December 2024, over 1,600 victims were affected, highlighting the group's efficiency and targeted approach.
ImgSrc: blog.checkpoint
Share:
References :
- Check Point Blog: The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia
- bsky.app: Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
- The Hacker News: The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
- bsky.app: The Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
- gbhackers.com: Blind Eagle Hackers Exploit Google Drive, Dropbox & GitHub to Evade Security Measures
- : Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks
Classification:
- HashTags: #BlindEagle #CyberEspionage #APT
- Company: Check Point Research
- Target: Colombian Institutions
- Attacker: Blind Eagle APT
- Product: Software
- Feature: Espionage
- Type: Espionage
- Severity: Major