BlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most recent activity has been directed at organizations in Colombia. “On Feb. 20, the BlackBerry Research and Intelligence team witnessed a new campaign where the threat actor impersonated a Colombian government tax agency to target key industries in Colombia, including health, financial, law enforcement, immigration, and an agency in charge of peace negotiation in the country.” Ancillary campaigns are also active against Chile, Ecuador, and Spain.
“APT-C-36 is a South American cyber espionage group that has been actively targeting Latin America-based entities over the last few years,” BlackBerry writes. “Although most of its efforts have been focused on Colombia, according to research conducted by CheckPoint researchers, it has also carried out intrusions against Ecuador.”
The come-on in Blind Eagle’s phishing emails depends upon fear and urgency. Recipients of the email are told they have “obligaciones pendientes,” that is, “outstanding obligations,” with some of the communications telling the recipients that their payments are forty-five days in arrears. The emails’ phish hook is usually a malicious link. “The URL shown on the bait document masquerades as the actual domain of DIAN. However, when clicked, the hyperlink leads to another domain created entirely by the threat actor using the public service website.org. The link redirects the target to dian.server.tl. This crafty technique is known as URL phishing.”
What’s Blind Eagle after? “This campaign continues to operate for the purposes of information theft and espionage,” BlackBerry says in the conclusion to its report. And Blind Eagle seems perfectly content to continue its simple but proven approach. “The modus operandi used has mostly stayed the same as the group’s previous efforts – it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work.”
New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering tactics. Whether the adversary is collecting valuable information or seeking to steal your money, the cons will often look surprisingly similar.
BlackBerry has the story.