BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Essential information
- Published
- 05/09/2024 16:47
- Modified
- 05/09/2024 17:17
- Tags
- 2024-09-05 asyncrat banking trojan blotchyquasar credential-theft phishing quasarrat remcosrat
- Related entities
- 16 observables, 1 intrusion sets (apt), 19 techniques (mitre), 4 malware, 5 others
Description
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google Drive accounts. BlotchyQuasar, a variant of QuasarRAT, is heavily obfuscated and capable of keylogging, stealing credentials, and monitoring banking activities. The malware communicates with command and control servers using dynamic DNS services and VPNs. This campaign demonstrates BlindEagle's continued focus on South American targets, particularly in Colombia, using tax-related lures and customized malware variants.