ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Blind Eagle

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Blind Eagle

NamesBlind Eagle (Qihoo 360)
APT-C-36 (Qihoo 360)
CountryColombia Colombia
MotivationInformation theft and espionage
First seen2018
Description(Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.

Till this moment, 360 Threat Intelligence Center captured 29 bait documents, 62 Trojan samples and multiple related malicious domains in total. Attackers are targeting Windows platform and aiming at government institutions as well as big companies in Colombia.
ObservedSectors: Energy, Financial, Government, Healthcare, Manufacturing and large domestic companies and multinational corporation branches.
Countries: Colombia, Ecuador, Panama, Spain.
Tools usedAsyncRAT, BitRAT, Imminent Monitor RAT, njRAT, LimeRAT, RemcosRAT, Warzone RAT.
Operations performedSep 2021APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
<https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html>
2022BlindEagle Targeting Ecuador With Sharpened Tools
<https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/>
Feb 2023Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
<https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia>
Information<https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/>
<https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis/>
MITRE ATT&CK<https://attack.mitre.org/groups/G0099/>

Last change to this card: 26 April 2023

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]