New toolset used by threat actor Blind Eagle to target victims across South America

Check Point Research identified the financially motivated threat group Blind Eagle targeting victims in South America. The group uses phishing emails impersonating government entities to trick citizens in countries like Colombia and Ecuador. It employs an advanced toolset for cybercrime rather than espionage, focusing primarily on monetary gain within a specific geographical region.

US-based cyber threat intelligence research team Check Point Research (CPR) identified cybercrime campaigns orchestrated by the threat group APT-C-36 (also known as Blind Eagle) in recent months. According to CPR, Blind Eagle is a financially motivated group that has been coordinating attacks against citizens across South America since 2018.

In one example of a recent campaign, Blind Eagle has been sending citizens phishing emails that purport to come from the Colombian government. These emails warned recipients that they would face problems when leaving the country if certain bureaucratic matters were not settled. In another campaign targeting Ecuador-based organisations, the group used an advanced toolset to coordinate a new infection chain.

CPR characterised Blind Eagle as a ‘strange bird among APT groups’: ‘Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage; however, unlike most such groups that just attack the entire world indiscriminately, Blind Eagle has a very narrow geographical focus, most of the time limited to a single country.’