What's new around the internet


Columns: Source | Date (GMT) | Title | Description | Tags | Rating
Source: The_Hackers_News | Date (GMT): 2025-03-11 20:05:00
Title: Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
Description: The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of
Tags: Threat, APT-C-36 | Rating: ★★★
Source: InfoSecurityMag | Date (GMT): 2025-03-11 17:15:00
Title: Blind Eagle Targets Colombian Government with Malicious .url Files
Description: Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks
Tags: APT-C-36 | Rating: ★★
Source: SecurityWeek | Date (GMT): 2025-03-11 11:59:42
Title: 1,600 Victims Hit by South American APT's Malware
Description: South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign.
Tags: Malware, APT-C-36 | Rating: ★★
Source: Checkpoint | Date (GMT): 2025-03-10 13:47:20
Title: The Growing Danger of Blind Eagle: One of Latin America's Most Dangerous Cyber Criminal Groups Targets Colombia
Tags: Malware, Threat, APT-C-36 | Rating: ★★★
Source: Checkpoint | Date (GMT): 2025-03-10 12:56:28
Title: Blind Eagle: …And Justice for All
Description: Key Points / Introduction: APT-C-36, also known as Blind Eagle, is a threat group that engages in both espionage and cybercrime. It primarily targets organizations in Colombia and other Latin American countries. Active since 2018, this Advanced Persistent Threat (APT) group focuses on government institutions, financial organizations, and critical infrastructure. Blind Eagle is known for employing […]
Tags: Threat, APT-C-36 | Rating: ★★★
Source: The_Hackers_News | Date (GMT): 2024-09-09 17:54:00
Title: Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT
Description: The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published
Tags: Threat, APT-C-36 | Rating: ★★
Source: RiskIQ | Date (GMT): 2024-09-06 22:15:34
Title: BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Description:
Targeted Geolocations: Colombia

Snapshot: In June 2024, Zscaler ThreatLabz detected new malicious activities by BlindEagle, an advanced persistent threat (APT) group also known as AguilaCiega, APT-C-36, and APT-Q-98.

Description: This group primarily targets government and financial organizations in South America, especially in Colombia and Ecuador, using phishing emails as their main attack vector. Recent attacks focused on employees within the Colombian insurance sector, using emails impersonating the Colombian National Tax and Customs Authority (DIAN) to trick recipients into downloading a malicious ZIP archive containing the BlotchyQuasar Remote Access Trojan (RAT). This RAT, a variant of the well-known QuasarRAT, is heavily obfuscated to evade detection. BlindEagle's phishing emails lead victims to a Google Drive folder, which is controlled by a compromised account of a Colombian government entity. The emails create urgency by claiming there is a seizure order due to unpaid taxes. Once the victim downloads and opens the ZIP file, BlotchyQuasar is executed, giving the attacker control over the system. The malware is designed to steal payment-related data, monitor banking service interactions, log keystrokes, and extract information from browsers and FTP clients. The command-and-control (C2) infrastructure for BlotchyQuasar involves using Pastebin to retrieve encrypted C2 server details. The domains associated with these C2 servers often leverage Dynamic DNS services and are hosted on compromised VPN nodes or routers in Colombia, aligning with BlindEagle's typical tactics. Zscaler attributed this campaign to BlindEagle based on the use of DIAN-themed phishing lures, customized malware variants, and infrastructure patterns that match previously documented BlindEagle operations.

BlindEagle continues to use obfuscation techniques to conceal its infrastructure and evade detection, indicating that this threat actor is likely to persist in launching targeted attacks in the region.

Additional Analysis: BlindEagle is a financially motivated threat actor active since at least 2018. The group has been observed targeting organizations in South America, primarily in Colombia and Ecuador. However, in February 2024, [eSentire attributed BlindEagle](https://www.esentire.com/blog/blind-eagles-north-american-journey) to a campaign targeting Spanish-speaking users in the manufacturing industry in North America. BlindEagle typically leverages phishing emails that distribute RATs. In attacks, the group has employed a variety of publicly available RATs including njRAT, ProyectoRAT, WarzoneRAT, AsyncRAT, LimeRAT, RemcosRAT, QuasarRAT, and BitRAT.

Recommendations: Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
- [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable
Tags: Ransomware, Spam, Malware, Tool, Threat, Prediction, APT-C-36 | Rating: ★★
Source: The_Hackers_News | Date (GMT): 2024-08-20 11:44:00
Title: Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Description: Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies. "Blind Eagle has demonstrated adaptability in
Tags: Threat, APT-C-36 | Rating: ★★★
Source: The_Hackers_News | Date (GMT): 2024-03-14 12:47:00
Title: Ande Loader Malware Targets Manufacturing Sector in North America
Description: The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor
Tags: Malware, Threat, APT-C-36 | Rating: ★★
Source: CyberWarzone | Date (GMT): 2023-11-06 11:24:52
Title: Relentless Cyber Espionage Campaign APT-C-36 Plagues Colombia
Description: Have you caught wind of APT-C-36, the digital shadow lurking across South America? APT-C-36, dubbed Blind Eagle, is not your average cyber adversary. This Advanced
Tags: APT-C-36 | Rating: ★★★
Source: Blog | Date (GMT): 2023-07-07 02:33:29
Title: Threat Trend Report on APT Groups – May 2023
Description: The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette)
Attachment: ATIP_2023_May_Threat Trend Report on APT Groups_20230609
Tags: Threat, Prediction, APT 41, APT 38, APT 37, APT 29, APT 28, APT 36, Guam, APT-C-17, GoldenJackal, APT-C-36 | Rating: ★★★
Source: The_Hackers_News | Date (GMT): 2023-04-19 20:45:00
Title: Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
Description: The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also
Tags: APT-C-36 | Rating: ★★
Source: The_Hackers_News | Date (GMT): 2023-02-28 16:03:00
Title: APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
Description: The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, law
Tags: Threat, APT-C-36 | Rating: ★★★
Source: RecordedFuture | Date (GMT): 2023-02-27 20:04:31
Title: More trouble from an APT with Colombia and Ecuador on its mind
Description: The advanced persistent threat (APT) group known as Blind Eagle or APT-C-36 continues to phish with official-looking PDFs, researchers say
Tags: Threat, APT-C-36 | Rating: ★★★
Source: Anomali | Date (GMT): 2023-01-10 16:30:00
Title: Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company's Data
Description:
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Artificial intelligence, Expired C2 domains, Data leak, Mobile, Phishing, Ransomware, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

OPWNAI: Cybercriminals Starting to Use ChatGPT (published: January 6, 2023)
Check Point researchers have detected multiple underground forum threads outlining experimenting with and abusing ChatGPT (Generative Pre-trained Transformer), the revolutionary artificial intelligence (AI) chatbot tool capable of generating creative responses in a conversational manner. Several actors have built schemes to produce AI outputs (graphic art, books) and sell them as their own. Other actors experiment with instructions to write AI-generated malicious code while avoiding ChatGPT guardrails that should prevent such abuse. Two actors shared samples allegedly created using ChatGPT: a basic Python-based stealer, a Java downloader that stealthily runs payloads using PowerShell, and a cryptographic tool.
Analyst Comment: ChatGPT and similar tools can be of great help to humans creating art, writing texts, and programming. At the same time, they can be a dangerous tool enabling even low-skill threat actors to create convincing social-engineering lures and even new malware.
MITRE ATT&CK: T1566 - Phishing | T1059.001 - PowerShell | T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | T1560 - Archive Collected Data | T1005 - Data from Local System
Story tags: ChatGPT, Artificial intelligence, OpenAI, Phishing, Programming, Fraud, Chatbot, Python, Java, Cryptography, FTP

Turla: A Galaxy of Opportunity (published: January 5, 2023)
Russia-sponsored group Turla re-registered expired domains for old Andromeda malware to select a Ukrainian target from the existing victims. An Andromeda sample, known since 2013, infected the Ukrainian organization in December 2021 via a user-activated LNK file on an infected USB drive. Turla re-registered the Andromeda C2 domain in January 2022, profiled and selected a single victim, and pushed its payloads in September 2022. First, the Kopiluwak profiling tool was downloaded for system reconnaissance; two days later, the Quietcanary backdoor was deployed to find and exfiltrate files created in 2021-2022.
Analyst Comment: Advanced groups often utilize commodity malware to blend their traffic with less sophisticated threats. Turla's tactic of re-registering old but active C2 domains gives the group a way in to the pool of existing targets. Organizations should be vigilant to all kinds of existing infections and clean them up, even if assessed as "less dangerous." All known network and host-based indicators and hunting rules associated
Tags: Ransomware, Malware, Tool, Threat, ChatGPT, APT-C-36 | Rating: ★★
Source: Checkpoint | Date (GMT): 2023-01-09 20:57:31
Title: 9th January – Threat Intelligence Report
Description: For the latest discoveries in cyber research for the week of 9th January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: Check Point Research has published a report on APT-C-36, also known as Blind Eagle – a financially motivated threat group attacking citizens of various countries in South America since at least 2018. CPR […]
Tags: Threat, APT-C-36 | Rating: ★★★
Source: SC_Mag | Date (GMT): 2023-01-08 16:31:17
Title: New tools, infection chain part of Blind Eagle comeback
Description: Colombia- and Ecuador-based organizations are being targeted by the Spanish-speaking threat group Blind Eagle, also known as APT-C-36, which has reemerged with a strengthened toolset and infection chain, The Hacker News reports.
Tags: Threat, APT-C-36 | Rating: ★★
Source: InfoSecurityMag | Date (GMT): 2023-01-06 17:00:00
Title: Blind Eagle Hacking Group Targets South America With New Tools
Description: Security experts from Check Point Research unveiled the findings in a new advisory
Tags: APT-C-36 | Rating: ★★★
Source: The_Hackers_News | Date (GMT): 2023-01-05 20:25:00
Title: Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
Description: A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the
Tags: Threat, APT-C-36 | Rating: ★★★
Source: Checkpoint | Date (GMT): 2023-01-05 09:12:26
Title: BlindEagle Targeting Ecuador With Sharpened Tools
Description: Blind Eagle is a financially motivated threat group that has been launching indiscriminate attacks against citizens of various countries in South America since at least 2018. In a recent campaign targeting Ecuador-based organizations, CPR detected a new infection chain that involves a more advanced toolset.
Tags: Threat, APT-C-36 | Rating: ★★★
Source: The_Hackers_News | Date (GMT): 2021-09-20 04:00:58
Title: A New Wave of Malware Attack Targeting Organizations in South America
Description: A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected
Tags: Spam, Malware, Threat, APT-C-36
Last update at: 2025-05-10 17:07:48