| Category | Details |
|---|---|
| Threat Actors | BlindEagle (APT-C-36) |
| Campaign Overview | Targeting entities in Latin America (primarily Colombia) with espionage and financial attacks. |
| Target Regions (Or Victims) | Colombia, Ecuador, Chile, Panama, and other Latin American countries. |
| Methodology | Phishing (spear phishing and generalized), geolocation filtering, multi-stage malware deployment, use of publicly available RATs. |
| Sectors Targeted | Governmental institutions, financial companies, energy and oil & gas sectors. |
| Malware Reference | njRAT, LimeRAT, BitRAT, AsyncRAT, Quasar RAT. |
| Tools Used | Phishing emails, open-source RATs, custom-built droppers, geolocation URL shorteners, steganography. |
| Vulnerabilities Exploited | No specific vulnerabilities mentioned; relies on social engineering and publicly available tools. |
| TTPs | Phishing, RAT usage (keylogging, credential stealing), process injection (e.g., process hollowing), DLL sideloading, obfuscation, steganography. |
| Attribution | BlindEagle (APT-C-36), based on targeting and methodology. |
| Recommendations | Enhance phishing defense, monitor unusual geolocation or URL activity, secure webmail and attachments. |
| Source | Securelist by Kaspersky |
Read full article: https://securelist.com/blindeagle-apt/113414/
The above summary has been generated by an AI language model