Threat Intelligence

Deluge of Blind Eagle intrusions hits Colombia


Advanced persistent threat operation Blind Eagle, also known as TAG-144, launched five different attack clusters against Colombia between May 2024 and July 2025, reports The Hacker News. Intrusions in the first cluster, active from February to July, involved the deployment of AsyncRAT, DCRat, and Remcos RAT payloads against Colombian government organizations, while attacks in the second cluster, active from September to December 2024, entailed AsyncRAT and XWorm compromise of government, education, and retail entities across the country, according to findings from Recorded Future's Insikt Group. AsyncRAT and Remcos RAT were distributed in intrusions in the third cluster, active from September 2024 to July 2025, while phishing pages impersonating BBVA, Bancolombia, and Banco Davivienda were used in attacks in the fourth cluster, active from May 2024 to February 2025. Blind Eagle also used AsyncRAT and LimeRAT in intrusions in the final cluster, between March and July. Further analysis of the cracked AsyncRAT leveraged by Blind Eagle across its clusters showed an association with threat operations Shadow Vector and Red Akodon, which launched attacks against Colombia during the last 12 months.
