Summary: Check Point Research has uncovered a new wave of cyberattacks linked to the Blind Eagle (APT-C-36) group, targeting Colombian institutions with phishing campaigns that deploy malware. The attacks rely on weaponized .url files that behave like a variant of a recently patched Windows flaw: merely handling the file triggers a WebDAV request to attacker infrastructure, which lets the operators confirm that a recipient has received the lure and then deliver the next stage. With more than 1,600 victims reported, the group represents a significant threat to both public and private sectors in Latin America because of how quickly it adapts its tooling.
Affected: Colombian institutions and government entities
Keypoints:
- Blind Eagle has utilized weaponized .url files delivered via phishing emails, mimicking legitimate communications.
- The infection is multi-stage: the initial WebDAV request is followed by the download and execution of further payloads that end in deployment of the Remcos RAT.
- Over 8,000 personally identifiable information (PII) records were stolen in a previous operation, a scale that points to possible state-level espionage rather than opportunistic crime.
- The group hosts its malware on trusted platforms such as Bitbucket and GitHub, so payload downloads blend in with legitimate traffic and evade detection.
- Blind Eagle is highly adaptable, adding techniques that exploit newly patched vulnerabilities to its arsenal within days of the patch being released.
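The .url-based lure described above lends itself to a cheap triage check on mail attachments. The following Python is an added example, not code from Check Point Research or from the article: it parses Internet Shortcut (.url) files and flags any target that resolves to a remote host through a UNC path or a WebDAV-style file:// URL, the two spellings Windows hands to the WebClient service. The choice of keys to inspect (URL, IconFile, WorkingDirectory), the host and reason strings, and the two sample files (including the 203.0.113.10 documentation address) are assumptions constructed for illustration, not indicators from the report.

```python
"""Triage Windows Internet Shortcut (.url) files for remote WebDAV/UNC targets.

Added example; not code from Check Point Research or the article. The key
names inspected and the sample files below are assumptions for illustration.
"""
import configparser
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# [InternetShortcut] keys whose value Explorer resolves when the file is
# rendered or opened, so any of them can point at an attacker-controlled host.
TARGET_KEYS = ("url", "iconfile", "workingdirectory")

# \\host\share\...  or  \\host@80\DavWWWRoot\...  (WebDAV mini-redirector form)
UNC_RE = re.compile(r"^\\\\([^\\@]+)(?:@(\d+|SSL))?\\", re.IGNORECASE)
# file://host@80/... is another spelling Windows resolves over WebDAV
FILE_HOST_RE = re.compile(r"^file://([^/\\]+)", re.IGNORECASE)


@dataclass
class Finding:
    key: str      # which [InternetShortcut] key carried the remote target
    value: str    # raw value as written in the file
    host: str     # remote host the value resolves to
    reason: str   # why it was flagged


def parse_url_file(text: str) -> dict:
    """Return the [InternetShortcut] section as a dict with lower-cased keys.

    .url files are INI-style. RawConfigParser avoids '%' interpolation and
    strict=False tolerates duplicate keys, which real files sometimes have.
    """
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        return {}
    return dict(cp.items("InternetShortcut"))


def classify_target(value: str) -> Optional[Tuple[str, str]]:
    """Return (host, reason) when value points at a remote UNC/WebDAV location, else None."""
    v = value.strip().strip('"')
    m = UNC_RE.match(v)
    if m:
        host, port = m.group(1), m.group(2)
        if port:
            # \\host@80 or \\host@SSL goes straight to the WebClient (WebDAV) service
            return host, "UNC path with WebDAV port suffix"
        # A plain UNC path tries SMB first; if 445 is blocked Windows falls back to WebDAV
        return host, "UNC path (SMB first, WebDAV fallback)"
    m = FILE_HOST_RE.match(v)
    if m:
        host = m.group(1)
        if re.fullmatch(r"[A-Za-z]:", host):
            return None  # file://C:/... is a local drive, not a host
        if "@" in host:
            return host.split("@", 1)[0], "file:// URL with WebDAV port suffix"
        return host, "file:// URL to a remote host"
    return None  # ordinary http(s) shortcuts are the normal case and are not flagged


def triage(text: str) -> List[Finding]:
    """Flag every inspected key in a .url file that resolves to a remote UNC/WebDAV target."""
    section = parse_url_file(text)
    findings: List[Finding] = []
    for key in TARGET_KEYS:
        if key in section:
            hit = classify_target(section[key])
            if hit:
                findings.append(Finding(key, section[key], hit[0], hit[1]))
    return findings


# Constructed sample inputs (not real indicators); 203.0.113.10 is a documentation address.
BENIGN = """[InternetShortcut]
URL=https://www.example.com/
IconIndex=0
"""

LURE = r"""[InternetShortcut]
URL=file://203.0.113.10@80/DavWWWRoot/docs/expediente.pdf
IconFile=\\203.0.113.10@80\DavWWWRoot\icon.ico
IconIndex=0
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("lure", LURE)):
        hits = triage(sample)
        print(f"{name}: {'SUSPICIOUS' if hits else 'clean'}")
        for f in hits:
            print(f"  {f.key}={f.value!r} -> {f.host} ({f.reason})")
```

Run it directly to see both constructed samples classified, or feed it the text of .url attachments pulled from a mail gateway. The check is deliberately narrow: it flags only targets that Windows would resolve over SMB or WebDAV without the user choosing to open a browser, so an ordinary https shortcut is left alone, while an IconFile pointing at a remote share is caught even though the user never has to click anything for Explorer to fetch the icon.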
Source: https://securityonline.info/blind-eagles-rapid-adaptation-new-tactics-deployed-days-after-patch/