Blind Eagle: ...And Justice for All

April 10, 2025, 8:12 p.m.

Description

Check Point Research uncovered ongoing campaigns by Blind Eagle (APT-C-36) targeting Colombian institutions since November 2024. The group utilized malicious .url files, similar to CVE-2024-43451, to deliver HeartCrypt-packed malware and Remcos RAT. Campaigns infected over 1,600 victims in a single instance. Blind Eagle exploited legitimate platforms like Google Drive and GitHub for distribution. The group's rapid adaptation to new vulnerabilities and use of underground tools highlight its sophistication. Operating in UTC-5 timezone suggests South American origin. An operational failure revealed past phishing activities targeting Colombian banks, compromising over 8,000 entries of personal data.

External References

https://research.checkpoint.com/2025/blind-eagle-and-justice-for-all
https://otx.alienvault.com/pulse/67f81305d2659d5a0d917773
Tags
phishing
remcos
government
purecrypter
webdav
remcos rat
CVE-2024-43451
heartcrypt
2025-04-10
apt-c-36
colombia

Date

  • Created: April 10, 2025, 6:50 p.m.
  • Published: April 10, 2025, 6:50 p.m.
  • Modified: April 10, 2025, 8:12 p.m.

Attack Patterns

  • Remcos RAT
  • PureCrypter
  • Blind Eagle

Additional Informations

  • Defense
  • Finance
  • Government
  • Colombia