CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

admin by admin
January 5, 2023
in Information Security


Jan 05, 2023Ravie LakshmananCyber Attack / Malware

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.

Check Point’s latest research offers new insights into the Spanish-speaking group’s tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the killchain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geographical focus and launching indiscriminate attacks against South American nations since at least 2018.

Blind Eagle’s operations have been documented by Trend Micro in September 2021, uncovering a spear-phishing campaign primarily aimed at Colombian entities designed to deliver a commodity malware known as BitRAT, with a lesser focus towards targets in Ecuador, Spain, and Panama.

Attacks chains commence with phishing emails containing a booby-trapped link that, when clicked, leads to the deployment of an open source trojan named Quasar RAT with the ultimate goal of gaining access to the victim’s bank accounts.

Some of targeted banks consists of Banco AV Villas, Banco Caja Social, Banco de Bogotá, Banco Popular, Bancoomeva, BBVA, Colpatria, Davivienda, and TransUnion.

Blind Eagle Hackers

Should the email recipient be located outside of Colombia, the attack sequence is aborted and the victim is redirected to the official website of the Colombian border control agency, Migración Colombia.

A related campaign singling out both Colombia and Ecuador masquerades as the latter’s Internal Revenue Service (SRI) and makes use of a similar geo-blocking technology to filter out requests originating from other countries.

This attack, rather than dropping a RAT malware, employs a more complex multi-stage process that abuses the legitimate mshta.exe binary to execute VBScript embedded inside an HTML file to ultimately download two Python scripts.

The first of the two, ByAV2.py, is an in-memory loader engineered to run a Meterpreter payload in DLL format. mp.py is also a Meterpreter artifact, only it’s programmed in Python, indicating that the threat actor could be using one of them as a redundant method to retain backdoor access to the host.

“Blind Eagle is a strange bird among APT groups,” the researchers concluded. “Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage.”

The development comes days after Qualys disclosed that an unknown adversary is leveraging personal information stolen from a Colombian cooperative bank to craft phishing emails that result in the deployment of BitRAT.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

The new year is here — and so are new scams

Next Post

Initiateleadershipinnovation

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Initiateleadershipinnovation

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.