Blind Eagle: …And Justice for All

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Check Point Research uncovered ongoing campaigns by Blind Eagle targeting Colombian institutions since November 2024. The group exploits a variant of CVE-2024-43451, using malicious .url files to deliver malware. Their attack chain includes HeartCrypt-packed executables, a .NET RAT, and Remcos RAT as the final payload. The campaigns have high infection rates, with over 1,600 victims in a single operation. Blind Eagle utilizes legitimate platforms like Google Drive and GitHub for malware distribution. The group's operating timezone suggests South American origins. An operational failure revealed past phishing activities targeting Colombian banks, resulting in over 8,000 stolen PII entries.

OPENCTI LABELS:

phishing, remcos, purecrypter, remcos rat, cve-2024-43451, heartcrypt

