Blind Eagle: …And Justice for All
Essential information
- Published: 10/03/2025 19:04
- Modified: 11/03/2025 12:02
- Tags: 2025-03-10, CVE-2024-43451, heartcrypt, phishing, purecrypter, remcos, remcos rat
- Related entities: 16 observables, 1 intrusion set (APT), 20 techniques (MITRE), 2 malware, 4 others
Description
Check Point Research uncovered ongoing campaigns by Blind Eagle targeting Colombian institutions since November 2024. The group exploits a variant of CVE-2024-43451, using malicious .url files to deliver malware. Their attack chain includes HeartCrypt-packed executables, a .NET RAT, and Remcos RAT as the final payload. The campaigns have high infection rates, with over 1,600 victims in a single operation. Blind Eagle utilizes legitimate platforms like Google Drive and GitHub for malware distribution. The group's operating timezone suggests South American origins. An operational failure revealed past phishing activities targeting Colombian banks, resulting in over 8,000 stolen PII entries.