1,600 Victims Hit by South American APT’s Malware

Summary: A South American cyberespionage group known as Blind Eagle has infected over 1,600 victims in Colombia using advanced malware techniques. The group primarily targets governmental and critical infrastructure organizations through phishing emails. Its latest campaign exploits a recently patched NTLM vulnerability, showing that the group remains an active threat in the region.

Affected: Colombian government and private sector organizations

Key points:

  • Blind Eagle, active since 2018, uses phishing emails with malicious attachments and URLs to deliver various remote access trojans (RATs).
  • The group recently targeted a Microsoft vulnerability (CVE-2024-43451) shortly after it was patched, facilitating further exploitation attempts.
  • Over two months, Blind Eagle frequently changed its command-and-control servers while using compromised Google Drive accounts to distribute malicious links.

Source: https://www.securityweek.com/1600-victims-hit-by-south-american-apts-malware/