Blind Eagle Goes Phishing

Phishing Attacks Blind EagleBlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most recent activity has been directed at organizations in Colombia. “On Feb. 20, the BlackBerry Research and Intelligence team witnessed a new campaign where the threat actor impersonated a Colombian government tax agency to target key industries in Colombia, including health, financial, law enforcement, immigration, and an agency in charge of peace negotiation in the country.” Ancillary campaigns are also active against Chile, Ecuador, and Spain.

“APT-C-36 is a South American cyber espionage group that has been actively targeting Latin America-based entities over the last few years,” BlackBerry writes. “Although most of its efforts have been focused on Colombia, according to research conducted by CheckPoint researchers, it has also carried out intrusions against Ecuador.”

The come-on in Blind Eagle’s phishing emails depends upon fear and urgency. Recipients of the email are told they have “obligaciones pendientes," that is, “outstanding obligations,” with some of the communications telling the recipients that their payments are forty-five days in arrears. The emails’ phish hooks are usually a malicious link. “The URL shown on the bait document masquerades as the actual domain of DIAN. However, when clicked, the hyperlink leads to another domain created entirely by the threat actor using the public service The link redirects the target to This crafty technique is known as URL phishing.”

What’s Blind Eagle after? “This campaign continues to operate for the purposes of information theft and espionage,” BlackBerry says in the conclusion to its report. And Blind Eagle seems perfectly content to continue its simple but proven approach. “The modus operandi used has mostly stayed the same as the group’s previous efforts – it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work.”

New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering tactics. Whether the adversary is collecting valuable information or seeking to steal your money, the cons will often look surprisingly similar.

BlackBerry has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews