Since November of last year, the Colombian judicial system has been facing regular cyberattacks orchestrated by the threat actor Blind Eagle (APT-C-36). So far, this campaign has compromised more than 1,600 systems and exposed serious weaknesses within critical infrastructure.
Who is Blind Eagle
Blind Eagle (APT-C-36) is a cyber threat actor active since 2018, primarily targeting government institutions in Colombia and other Latin American countries. Its main goal appears to be stealing sensitive information, including government-related data, economic intelligence, and intellectual property.
In their recent campaigns, Blind Eagle exploited the CVE-2024-43451 vulnerability in Microsoft Windows, which was patched on November 12, 2024. Remarkably, within six days of the patch being released, Blind Eagle leveraged this vulnerability in their attack. Prior to this, the same vulnerability had been used by another threat actor, UAC-0194, a group affiliated with Russia.
Modus Operandi
Blind Eagle’s modus operandi involves distributing malicious .url files through social engineering and exploiting CVE-2024-43451.
- They use malicious .url files to infect systems with malware.
- They exploit WebDAV requests to monitor and trigger downloads remotely.
- After gaining initial access, they deploy HeartCrypt, a Packer-as-a-Service, and utilize Remcos RAT to maintain access and further compromise the victim systems.
- Blind Eagle utilizes trusted file-sharing platforms like Dropbox, Google Drive, Bitbucket, and GitHub to distribute malicious payloads, which helps the group bypass traditional detection methods.

The group has also shown advanced capabilities in adapting to patched vulnerabilities, reinforcing their persistence in targeted attacks.
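As an added example (not code from the Check Point report or this article), the following Python script performs a defender-side triage of Windows Internet Shortcut (.url) files: it parses the [InternetShortcut] section and flags entries whose targets resolve over SMB or WebDAV to a remote host, the behaviour this campaign relies on to trigger downloads remotely. The sample shortcut contents and the trusted internal domain suffix are constructed assumptions.

```python
"""Triage check for Windows Internet Shortcut (.url) files.

Added example, not from the report or the article. It flags shortcuts whose
URL=, IconFile= or WorkingDirectory= entries point at a remote SMB/WebDAV
location, which Windows resolves with a network request when the shortcut is
handled. Sample contents are constructed; the trusted suffix is an assumption.
"""
import configparser
import ipaddress
from urllib.parse import urlparse

# Constructed sample .url files keyed by filename (CRLF as written on disk).
SAMPLES = {
    "intranet.url": "[InternetShortcut]\r\nURL=https://intranet.example.internal/portal\r\n",
    "unc_share.url": (
        "[InternetShortcut]\r\n"
        "URL=file://203.0.113.7/share/update.pdf\r\n"
        "IconFile=\\\\203.0.113.7\\share\\icon.ico\r\n"
        "IconIndex=0\r\n"
    ),
    "webdav.url": (
        "[InternetShortcut]\r\n"
        "URL=\\\\203.0.113.7@80\\DavWWWRoot\\docs\\invoice.pdf\r\n"
    ),
    "plain.url": "[InternetShortcut]\r\nURL=https://www.example.com/\r\n",
}

# Assumption: hosts under these suffixes are internal and not worth flagging.
TRUSTED_SUFFIXES = (".example.internal",)


def parse_url_file(text):
    """Return the [InternetShortcut] key/value pairs of a .url file (empty if absent)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (URL, IconFile, ...)
    cp.read_string(text.replace("\r\n", "\n"))
    if not cp.has_section("InternetShortcut"):
        return {}
    return dict(cp["InternetShortcut"])


def remote_host(value):
    """Host a shortcut value resolves to, or None for local paths and bare names."""
    v = value.strip()
    if v.startswith("\\\\"):
        # UNC form \\host\share\... or the WebDAV mini-redirector form
        # \\host@port\DavWWWRoot\...; strip the optional @port suffix.
        return v[2:].split("\\", 1)[0].split("@", 1)[0]
    parsed = urlparse(v)
    if parsed.scheme in ("file", "http", "https") and parsed.hostname:
        return parsed.hostname
    return None


def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess(text):
    """Findings for one .url file; an empty list means nothing to review."""
    fields = parse_url_file(text)
    findings = []
    for key in ("URL", "IconFile", "WorkingDirectory"):
        val = fields.get(key, "").strip()
        if not val:
            continue
        host = remote_host(val)
        if host is None or host.lower().endswith(TRUSTED_SUFFIXES):
            continue
        if val.startswith("\\\\") or val.lower().startswith("file:"):
            findings.append(f"{key} resolves over SMB/WebDAV to remote host {host}")
        elif is_ip_literal(host):
            findings.append(f"{key} points at a bare IP address {host}")
    return findings


def scan(files):
    """Map filename -> findings for a dict of {filename: file text}."""
    return {name: assess(text) for name, text in files.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, "->", findings or "clean")
```

The check is deliberately conservative: plain https links to named hosts are normal shortcut content and stay clean, while UNC and file:// targets on non-internal hosts, including the WebDAV `\\host@port\DavWWWRoot` form, are surfaced for review together with icon and working-directory entries that would cause the same remote lookup.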
Targeted Entities
The group’s primary targets include:
- Colombian Government Institutions: Agencies responsible for defense, law enforcement, and international relations.
- Private Sector: Critical infrastructure, financial services, and energy companies.
These sectors are targeted for their access to sensitive governmental data, national security information, and economic intelligence.
Defense and Mitigation Strategies
To defend against Blind Eagle’s tactics, organizations should consider the following strategies:
- Ensure timely patching of all software vulnerabilities, especially those related to .url file handling and RCE exploits.
- Implement advanced email filtering systems to detect and block spear-phishing attempts containing malicious URLs or attachments.
- Use endpoint detection and response (EDR) solutions to monitor and block suspicious activity, including RAT infections and unusual outbound communications.
- Regularly educate employees on recognizing social engineering techniques, including phishing and spear-phishing.
Source: hxxps[://]research[.]checkpoint[.]com/2025/blind-eagle-and-justice-for-all/
