Threat Group Cards: A Threat Actor Encyclopedia

APT group: Blind Eagle

Names	Blind Eagle (Qihoo 360) APT-C-36 (Qihoo 360)
Country	Colombia
Motivation	Information theft and espionage
First seen	2018
Description	(Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc. Till this moment, 360 Threat Intelligence Center captured 29 bait documents, 62 Trojan samples and multiple related malicious domains in total. Attackers are targeting Windows platform and aiming at government institutions as well as big companies in Colombia.
Observed	Sectors: Energy, Financial, Government, Healthcare, Manufacturing and large domestic companies and multinational corporation branches. Countries: Colombia, Ecuador, Panama, Spain.
Tools used	AsyncRAT, BitRAT, Imminent Monitor RAT, njRAT, LimeRAT, RemcosRAT, Warzone RAT.
Operations performed	Sep 2021	APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs <https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html>
	2022	BlindEagle Targeting Ecuador With Sharpened Tools <https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/>
Information	<https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/>
MITRE ATT&CK	<https://attack.mitre.org/groups/G0099/>

Last change to this card: 15 February 2023

Download this actor card in PDF or JSON format

Previous: BlackTech, Circuit Panda, Radio Panda
Next: Blue Termite, Cloudy Omega