BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google Drive accounts. BlotchyQuasar, a variant of QuasarRAT, is heavily obfuscated and capable of keylogging, stealing credentials, and monitoring banking activities. The malware communicates with command and control servers using dynamic DNS services and VPNs. This campaign demonstrates BlindEagle's continued focus on South American targets, particularly in Colombia, using tax-related lures and customized malware variants.
OPENCTI LABELS :
phishing,banking trojan,credential theft,asyncrat,remcosrat,quasarrat,blotchyquasar
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar