Blind Eagle

Description

(Qihoo 360) Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.

Till this moment, 360 Threat Intelligence Center captured 29 bait documents, 62 Trojan samples and multiple related malicious domains in total. Attackers are targeting Windows platform and aiming at government institutions as well as big companies in Colombia.

Names

Name	Name-Giver
Blind Eagle	Qihoo 360
APT-C-36	Qihoo 360
AguilaCiega	?
APT-Q-98	?

Country

• Colombia

Motivation

• Information theft and espionage
• Financial crime

First Seen

2018

Observed Sectors

• Education
• Energy
• Financial
• Government
• Healthcare
• Manufacturing
• Transportation
• large domestic companies and multinational corporation branches

Observed Countries

• Chile
• Colombia
• Ecuador
• Panama
• Spain
• USA

Tools

• AsyncRAT
• BitRAT
• BlotchyQuasar
• Imminent Monitor RAT
• njRAT
• LimeRAT
• RemcosRAT
• Warzone RAT

Operations

• 2021-09: APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html
• 2022: BlindEagle Targeting Ecuador With Sharpened Tools https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/
• 2023-02: Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia’s Judiciary, Financial, Public, and Law Enforcement Entities https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia
• 2023-03: BlindEagle flying high in Latin America https://securelist.com/blindeagle-apt/113414/
• 2023-07: Blind Eagle’s North American Journey https://www.esentire.com/blog/blind-eagles-north-american-journey
• 2024-06: BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar
• 2024-11: The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia https://blog.checkpoint.com/research/the-growing-danger-of-blind-eagle-one-of-latin-americas-most-dangerous-cyber-criminal-groups-targets-colombia/

Information

• https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
• https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis/

Mitre Attack

• https://attack.mitre.org/groups/G0099/

Other Information

Uuid

1421d8ca-9aff-4245-8ee4-cdf72c4c65c5

Last Card Change

2025-04-21