Understanding Attacks Linked to Blind Eagle APT-C-36
To know more about it, you can go through my detailed document by clicking here
Overview
APT-C-36 also known as Blind Eagle active since 2018, is an espionage group suspected to be originated from South America and mainly targets Colombian government institutions along with the other important corporations of financial sector, petroleum industry, professional manufacturing, etc.
Types of Attack
- It can use fraudulent emails posing as Colombian government offices.
- All these emails may state that a government order has been issued along with all the details in the attachment (in which the information is protected with a password).
- Other spam emails may also claim to provide an Id proof with photo urging the recipient to open it with the password given by the hackers.
- The sender's email address is generally disguised as a fake profile.
- These emails also use DOCX/PDF files with a link and when clicked the recipient is taken to a file hosting site that can automatically download a BitRat laden archive.
Remediation
- By blocking all the threat indicators at your respective controls.
- By looking out for all the IOCs in your environment.
Conclusion
As it is known worldwide, APT-C-36 has become more efficient with time and improved its techniques of spreading malware while also avoiding any kind of detection. Hence, one have to keep an eye on this threat group in order to avoid any unpleasant surprises.
To know more about it, you can go through my detailed document by clicking here
Comments
Post a Comment