Ongoing Blind Eagle attacks bombard Colombia

SecurityWeek reports that more than 1,600 public and private organizations in Colombia have been compromised by South American advanced persistent threat operation Blind Eagle, also known as APT-C-36, as part of attack campaigns that have been underway since November.

According to an analysis from Check Point Research, the intrusions used a variant of an exploit for the Microsoft NTLM vulnerability tracked as CVE-2024-43451. The exploit not only notified the attackers when a target downloaded the file but also enabled the deployment of a PureCrypter malware variant to compromise system and user data, followed by the eventual delivery of the Remcos RAT.

Blind Eagle has also kept refining its operations: in December it replaced more than 10 command-and-control servers, and in January it leveraged breached Google Drive accounts to distribute malicious files. These findings further underscore the group's prolific nature.

"The group's scale and persistence are evident, with over 1,600 infections recorded from a single campaign," said Check Point researchers.
