Blind Eagle: ...And Justice for All
Essential information
- Published
- 10/04/2025 18:50
- Modified
- 10/04/2025 20:12
- Tags
- 2025-04-10 CVE-2024-43451 apt-c-36 colombia government heartcrypt phishing purecrypter remcos remcos rat webdav
- Related entities
- 1 intrusion sets (apt), 9 techniques (mitre), 2 malware, 4 others
Description
Check Point Research uncovered ongoing campaigns by Blind Eagle (APT-C-36) targeting Colombian institutions since November 2024. The group utilized malicious .url files, similar to CVE-2024-43451, to deliver HeartCrypt-packed malware and Remcos RAT. Campaigns infected over 1,600 victims in a single instance. Blind Eagle exploited legitimate platforms like Google Drive and GitHub for distribution. The group's rapid adaptation to new vulnerabilities and use of underground tools highlight its sophistication. Operating in UTC-5 timezone suggests South American origin. An operational failure revealed past phishing activities targeting Colombian banks, compromising over 8,000 entries of personal data.