Category | Details |
---|---|
Threat Actors | BlindEagle (APT-C-36) |
Campaign Overview | Persistent campaigns against entities in Latin America (primarily Colombia), alternating between espionage and financially motivated attacks. |
Target Regions (Or Victims) | Colombia, Ecuador, Chile, Panama, and other Latin American countries. |
Methodology | Phishing (spear phishing and generalized), geolocation filtering, multi-stage malware deployment, use of publicly available RATs. |
Sectors Targeted | Governmental institutions, financial companies, energy and oil & gas sectors. |
Malware Reference | njRAT, LimeRAT, BitRAT, AsyncRAT, Quasar RAT. |
Tools Used | Phishing emails, open-source RATs, custom-built droppers, URL shorteners with geolocation-based redirection, steganography. |
Vulnerabilities Exploited | None reported; initial access relies on social engineering (phishing) rather than software exploits, followed by publicly available tools. |
TTPs | Phishing, RAT usage (keylogging, credential stealing), process injection (e.g., process hollowing), DLL sideloading, obfuscation, steganography. |
Attribution | BlindEagle (APT-C-36), based on targeting and methodology. |
Recommendations | Strengthen phishing defenses (user awareness, link and attachment filtering), monitor for URL-shortener redirects and links whose behaviour depends on the visitor's geolocation, and harden webmail and attachment handling. |
Source | Securelist by Kaspersky |
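As an added example tied to the "steganography" TTP in the table above (this is not code from the Securelist write-up or from the actor's tooling): a triage check that walks PNG/JPEG structure and reports any bytes appended after the image's end marker. It assumes the appended-payload form of image steganography (data a viewer ignores but a loader can carve out); whether that matches the exact technique in the article is an assumption. The sample images and the `MZ` stand-in payload are constructed inline, so the script runs offline.

```python
"""Triage check for image files that carry an appended payload.

Added example, not code from the Securelist article or from the actor's
own tooling. Assumption: the payload (raw, or as base64 text) sits after
the image's formal end marker. Samples and the fake "MZ" payload are
constructed inline; nothing here is real malware.
"""
import base64
import re
import struct
import zlib
from typing import Optional

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
# Long run of base64 alphabet characters (64+ chars, optional padding).
B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def image_end_offset(data: bytes) -> Optional[int]:
    """Offset just past the image's end marker (PNG IEND chunk or JPEG EOI),
    or None when the data is not a PNG/JPEG this walker understands."""
    if data.startswith(PNG_MAGIC):
        pos = len(PNG_MAGIC)
        # PNG chunk layout: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
        while pos + 8 <= len(data):
            (length,) = struct.unpack(">I", data[pos:pos + 4])
            ctype = data[pos + 4:pos + 8]
            pos += 8 + length + 4
            if ctype == b"IEND":
                return pos if pos <= len(data) else None
        return None
    if data.startswith(JPEG_SOI):
        pos = 2
        # Walk marker segments up to Start Of Scan (FF DA). Searching for EOI
        # only after SOS avoids the EOI of an EXIF thumbnail inside APP1.
        while pos + 4 <= len(data) and data[pos] == 0xFF:
            if data[pos + 1] == 0xDA:
                eoi = data.find(JPEG_EOI, pos)
                return eoi + 2 if eoi != -1 else None
            (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])
            pos += 2 + seglen
        return None
    return None


def classify_trailer(blob: bytes) -> str:
    """Rough label for the bytes found after the image end marker."""
    if blob.startswith(b"MZ"):
        return "pe"
    m = B64_BLOB.search(blob)
    if m:
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except ValueError:
            return "base64-invalid"
        return "base64-pe" if decoded.startswith(b"MZ") else "base64"
    return "unknown"


def triage_image(data: bytes) -> dict:
    """Report whether an image has data past its end marker and what it looks like."""
    end = image_end_offset(data)
    report = {"format_ok": end is not None, "trailing_bytes": 0, "trailing_looks_like": None}
    if end is None:
        return report
    trailer = data[end:]
    report["trailing_bytes"] = len(trailer)
    if trailer:
        report["trailing_looks_like"] = classify_trailer(trailer)
    return report


# --- constructed samples (not files from any real campaign) -----------------
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_samples() -> dict:
    # Valid 1x1 RGB PNG.
    png = (PNG_MAGIC
           + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
           + _png_chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))
           + _png_chunk(b"IEND", b""))
    # Structural JPEG stub: SOI, one APP0 segment, SOS, a few scan bytes, EOI.
    jpeg = (JPEG_SOI + b"\xff\xe0" + struct.pack(">H", 4) + b"JF"
            + b"\xff\xda" + struct.pack(">H", 4) + b"\x00\x00" + b"\x12\x34\x56" + JPEG_EOI)
    fake_pe = b"MZ" + b"\x00" * 62 + b"FAKE-PE-HEADER-FOR-TEST"  # stand-in, not executable
    return {
        "clean_png": png,
        "png_raw_pe": png + fake_pe,
        "jpeg_b64_pe": jpeg + b"\n" + base64.b64encode(fake_pe),
    }


SAMPLES = build_samples()

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage_image(blob))
```

Run it over a directory of attachments or downloaded images and alert on any `trailing_bytes` above zero; the `classify_trailer` label is only a hint for the analyst, since the check deliberately does not execute or fully parse the trailer. It will not catch pixel-level (LSB) steganography, which needs a different detector.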
Read full article: https://securelist.com/blindeagle-apt/113414/
The above summary has been generated by an AI language model