ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Blind Eagle

Names: Blind Eagle (Qihoo 360), APT-C-36 (Qihoo 360), AguilaCiega (?), APT-Q-98 (?)
Country: Colombia
Motivation: Information theft and espionage, Financial crime
First seen: 2018
Description: (Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected of coming from South America has carried out continuous targeted attacks against Colombian government institutions as well as important corporations in the financial sector, petroleum industry, professional manufacturing, etc.

Till this moment, 360 Threat Intelligence Center captured 29 bait documents, 62 Trojan samples and multiple related malicious domains in total. Attackers are targeting the Windows platform and aiming at government institutions as well as big companies in Colombia.
Observed:
Sectors: Education, Energy, Financial, Government, Healthcare, Manufacturing, Transportation and large domestic companies and multinational corporation branches.
Countries: Chile, Colombia, Ecuador, Panama, Spain, USA.
Tools used: AsyncRAT, BitRAT, BlotchyQuasar, Imminent Monitor RAT, njRAT, LimeRAT, RemcosRAT, Warzone RAT.
Operations performed:
Sep 2021: APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
<https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html>
2022: BlindEagle Targeting Ecuador With Sharpened Tools
<https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/>
Feb 2023: Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
<https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia>
Mar 2023: BlindEagle flying high in Latin America
<https://securelist.com/blindeagle-apt/113414/>
Jul 2023: Blind Eagle's North American Journey
<https://www.esentire.com/blog/blind-eagles-north-american-journey>
Jun 2024: BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
<https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar>
Information:
<https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/>
<https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis/>
MITRE ATT&CK: <https://attack.mitre.org/groups/G0099/>

Last change to this card: 23 October 2024
