The most recent threat activity primarily targeted organizations in Colombia, in sectors such as “health, finance, law enforcement, immigration, and an agency in charge of peace negotiation in the country.”
Check Point researchers, who recently examined Blind Eagle, also known as APT-C-36, noted the adversary's advanced toolset, which includes Meterpreter payloads distributed through spear-phishing emails.
How Does APT-C-36 Operate?
Blind Eagle’s phishing emails lure victims by creating a false sense of fear and urgency. The email notifies its recipients that they have “obligaciones pendentes,” or “outstanding obligations,” with some letters informing them that their tax payments are forty-five days overdue.
The carefully crafted emails contain a link that takes users to a PDF file that appears to be hosted on DIAN’s website but actually installs malware on the targeted systems, launching the infection cycle.
The BlackBerry researchers explain it further:
“The fake DIAN website page contains a button that encourage
[…]