Numerous Colombian organizations, including those in the health, law enforcement, and financial segments, have been targeted by a spear-phishing campaign by Blind Eagle, also known as APT-C-36, according to The Hacker News.
Blind Eagle has deployed phishing emails impersonating Colombia's National Directorate of Taxes and Customs (DIAN), the country's tax agency, using "outstanding obligations" as lures, a report by the BlackBerry Research and Intelligence Team showed. The emails contain a link to a PDF file which, when opened, prompts the execution of a Visual Basic Script payload and the use of PowerShell, eventually leading to the delivery of the AsyncRAT malware.
"The modus operandi used has mostly stayed the same as the group's previous efforts; it is very simple, which may mean that this group is comfortable with its way of launching campaigns via phishing emails, and feels confident in using them because they continue to work," said researchers.