Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

By Admincrypt, January 5, 2023

Jan 05, 2023 | Ravie Lakshmanan | Cyber Attack / Malware

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.

Check Point's latest research offers new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the kill chain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geographical focus, launching indiscriminate attacks against South American nations since at least 2018.

Blind Eagle's operations were documented by Trend Micro in September 2021, when it described a spear-phishing campaign primarily aimed at Colombian entities and designed to deliver a commodity malware known as BitRAT, with a lesser focus on targets in Ecuador, Spain, and Panama.

Attack chains commence with phishing emails containing a booby-trapped link that, when clicked, leads to the deployment of an open-source trojan named Quasar RAT, with the ultimate goal of gaining access to the victim's bank accounts.

Targeted banks include Banco AV Villas, Banco Caja Social, Banco de Bogotá, Banco Popular, Bancoomeva, BBVA, Colpatria, Davivienda, and TransUnion.

Should the email recipient be located outside of Colombia, the attack sequence is aborted and the victim is redirected to the official website of the Colombian border control agency, Migración Colombia.

A related campaign singling out both Colombia and Ecuador masquerades as the latter's Internal Revenue Service (SRI) and uses a similar geo-blocking technique to filter out requests originating from other countries.

This attack, rather than dropping a RAT, employs a more complex multi-stage process that abuses the legitimate mshta.exe binary to execute VBScript embedded inside an HTML file, ultimately downloading two Python scripts.

The first of the two, ByAV2.py, is an in-memory loader engineered to run a Meterpreter payload in DLL format. mp.py is also a Meterpreter artifact, only programmed in Python, indicating that the threat actor could be using one of them as a redundant method to retain backdoor access to the host.
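The mshta.exe stage described above leaves a recognisable trace in process-creation telemetry: mshta.exe launched with a remote argument, and a Python interpreter whose parent is mshta.exe. The following detection logic is an added example written for this article, not code from Check Point or from the article itself; the event records are constructed here in a Sysmon-like shape and are not real telemetry.

```python
"""Detect the mshta.exe -> VBScript -> Python stage over process-creation events."""
import re

# Constructed sample events (assumption: Sysmon-like fields pid/ppid/image/cmdline).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://lure.example.invalid/sri.html"},   # remote HTML lure
    {"pid": 300, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Programs\Python\python.exe",
     "cmdline": r"python.exe C:\Users\u\AppData\Local\Temp\ByAV2.py"},  # dropped loader
    {"pid": 400, "ppid": 1, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Windows\Temp\local.hta"},             # local file, not rule 1
]

# A URL or a UNC path (two backslashes) passed to mshta.exe.
REMOTE_ARG = re.compile(r"https?://|\\\\", re.IGNORECASE)


def _is_mshta(event):
    return event["image"].lower().endswith(r"\mshta.exe")


def mshta_remote_content(events):
    """Rule 1: mshta.exe executing content fetched from a URL or UNC share."""
    return [e for e in events if _is_mshta(e) and REMOTE_ARG.search(e["cmdline"])]


def mshta_spawns_python(events):
    """Rule 2: a Python interpreter whose direct parent is mshta.exe."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent and _is_mshta(parent) and "python" in e["image"].lower():
            hits.append(e)
    return hits


def triage(events):
    """Return (rule, pid) findings; rule 2 fires even if the loader runs in memory."""
    findings = [("mshta_remote_content", e["pid"]) for e in mshta_remote_content(events)]
    findings += [("mshta_spawns_python", e["pid"]) for e in mshta_spawns_python(events)]
    return findings


if __name__ == "__main__":
    for rule, pid in triage(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Rule 2 is the more durable signal for this chain, because the Python loader stays visible as a child process even when the Meterpreter DLL it carries never touches disk.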

“Blind Eagle is a strange bird among APT groups,” the researchers concluded. “Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage.”

The development comes days after Qualys disclosed that an unknown adversary is leveraging personal information stolen from a Colombian cooperative bank to craft phishing emails that result in the deployment of BitRAT.
