APT-C-36 (Blind Eagle) continues to target Colombia

· Published 17/12/2024 15:58 · Modified 17/12/2024 16:34

Essential information

Published
17/12/2024 15:58
Modified
17/12/2024 16:34
Tags
2024-12-17 asyncrat government impersonation heaven's gate svg bait
Related entities
4 observables, 1 intrusion sets (apt), 19 techniques (mitre), 1 malware, 7 others

Description

APT-C-36, known as Blind Eagle, is suspected to originate from South America and primarily targets Colombia and other South American countries. Since October 2024, the group has been using more diverse and complex attack methods against Colombian entities. Their tactics involve multi-stage payload delivery and injection, in-memory execution to conceal traces, and anti-debugging techniques. The attack chain uses SVG files as bait, impersonates Colombian government communications, and ultimately deploys the AsyncRAT client (the malware tagged on this record) for remote control. The group's technical capabilities have notably improved, incorporating techniques such as 'Heaven's Gate' to evade analysis.

External references