Contact

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar

NetmanageIT OpenCTI - opencti.netmanageit.com

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar



SUMMARY :

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google Drive accounts. BlotchyQuasar, a variant of QuasarRAT, is heavily obfuscated and capable of keylogging, stealing credentials, and monitoring banking activities. The malware communicates with command and control servers using dynamic DNS services and VPNs. This campaign demonstrates BlindEagle's continued focus on South American targets, particularly in Colombia, using tax-related lures and customized malware variants.

OPENCTI LABELS :

phishing,banking trojan,credential theft,asyncrat,remcosrat,quasarrat,blotchyquasar


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar