BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin America. They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy and oil and gas companies, among others.
BlindEagle has demonstrated adaptability in shaping the objectives of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations.
There is evidence that the group has been active since at least 2018. At GReAT, we have been closely tracking their campaigns. This blog aims to give an introduction to the group, detail its TTPs, and provide insights into their recent operations.
The eagle goes phishing
The spreading method used by BlindEagle is via phishing emails. Depending on the type of cyberoperation they conduct, it could be spear phishing (used in targeted espionage attacks) or more generalized phishing (particularly used in financial attacks).
The phishing emails typically impersonate governmental institutions, such as Colombia’s National Directorate of Taxes and Customs, Ministry of Foreign Affairs or Office of the Attorney General, among others. Spam campaigns impersonating financial and banking entities are also common.
Phishing impersonating the Attorney General’s Office
The campaigns involve sending deceptive emails containing a notification about an issue that requires immediate action by the user. Each email contains a link in its body that appears to lead to the official website of the entity being impersonated, and an attached file (particularly PDF or Word documents). The attached document ..
Support the originator by clicking the read the rest link below.
