 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Blind Eagle| Names | Blind Eagle (Qihoo 360) APT-C-36 (Qihoo 360) AguilaCiega (?) APT-Q-98 (?) | |
| Country |  Colombia | |
| Motivation | Information theft and espionage, Financial crime | |
| First seen | 2018 | |
| Description | (Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc. Till this moment, 360 Threat Intelligence Center captured 29 bait documents, 62 Trojan samples and multiple related malicious domains in total. Attackers are targeting Windows platform and aiming at government institutions as well as big companies in Colombia. | |
| Observed | Sectors: Education, Energy, Financial, Government, Healthcare, Manufacturing, Transportation and large domestic companies and multinational corporation branches. Countries: Chile, Colombia, Ecuador, Panama, Spain, USA. | |
| Tools used | AsyncRAT, BitRAT, BlotchyQuasar, Imminent Monitor RAT, njRAT, LimeRAT, RemcosRAT, Warzone RAT. | |
| Operations performed | Sep 2021 | APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs <https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html> |
| 2022 | BlindEagle Targeting Ecuador With Sharpened Tools <https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/> | |
| Feb 2023 | Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities <https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia> | |
| Mar 2023 | BlindEagle flying high in Latin America <https://securelist.com/blindeagle-apt/113414/> | |
| Jul 2023 | Blind Eagle's North American Journey <https://www.esentire.com/blog/blind-eagles-north-american-journey> | |
| Jun 2024 | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar <https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar> | |
| Nov 2024 | The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia <https://blog.checkpoint.com/research/the-growing-danger-of-blind-eagle-one-of-latin-americas-most-dangerous-cyber-criminal-groups-targets-colombia/> | |
| Information | <https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/> <https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis/> | |
| MITRE ATT&CK | <https://attack.mitre.org/groups/G0099/> | |
Last change to this card: 21 April 2025
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |