The Blind Eagle advanced persistent threat group, also tracked as APT-C-36, APT-Q-98, and AguilaCiega, has deployed a new variant of the Quasar RAT backdoor, dubbed “BlotchyQuasar”, in intrusions against insurance organizations in Colombia, The Hacker News reports.
Blind Eagle’s attacks begin with phishing emails that spoof Colombia’s tax authority and lure recipients into clicking embedded links. The links redirect to a ZIP archive hosted in a Google Drive folder, and opening it ultimately executes BlotchyQuasar, according to a Zscaler ThreatLabz analysis.
BlotchyQuasar logs keystrokes, executes shell commands, monitors banking and payment services, and steals data from browsers and FTP clients. It retrieves its command-and-control domain from Pastebin, using the paste as a dead drop resolver so the operators can change the C2 address without redeploying the implant, and it is obfuscated with ConfuserEx and DeepSea, two .NET obfuscators, to evade detection and slow analysis. “Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia. This attack demonstrates the continued use of this strategy,” said Zscaler ThreatLabz researcher Gaetano Pellegrino.
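The dead-drop-resolver step described above leaves a recognizable trace in egress telemetry: a non-browser client fetching a raw paste. The script below is an added example for this article, not code from Zscaler ThreatLabz, The Hacker News, or the BlotchyQuasar sample itself. It assumes a simple space-separated proxy log format (timestamp, source IP, method, URL, quoted user agent) and uses an illustrative paste-host list and browser user-agent markers; the sample log lines, IPs and paste ID are constructed for the demo and are not indicators from the campaign.

```python
"""Flag possible dead-drop-resolver lookups (e.g. a Pastebin raw fetch) in web proxy logs.

Added example for this article, not code from Zscaler ThreatLabz or from the
BlotchyQuasar sample. Assumptions (not facts from the report): proxy log lines are
space-separated 'timestamp src_ip method url "user_agent"'; the paste host list and
the browser user-agent markers are illustrative heuristics to tune locally.
"""
import re
import shlex
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts that are routinely abused as dead drops. Extend per environment.
PASTE_HOSTS = {"pastebin.com"}
# Pastebin's raw endpoint returns plain paste text, which is what an implant wants.
RAW_PATH_RE = re.compile(r"^/raw/[A-Za-z0-9]+/?$")
# Markers present in current browser user agents; a .NET WebClient sends none by default.
BROWSER_UA_MARKERS = ("Mozilla/5.0", "Chrome/", "Firefox/", "Safari/", "Edg/")


@dataclass
class Finding:
    timestamp: str
    src_ip: str
    url: str
    user_agent: str
    reason: str


def parse_line(line: str):
    """Split one proxy log line; shlex keeps the quoted user agent as one field."""
    parts = shlex.split(line)
    if len(parts) != 5:
        return None  # malformed or unexpected format; skip rather than guess
    timestamp, src_ip, _method, url, user_agent = parts
    return timestamp, src_ip, url, user_agent


def classify(url: str, user_agent: str):
    """Return a reason string if the request looks like a dead-drop fetch, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host not in PASTE_HOSTS:
        return None
    reasons = []
    if RAW_PATH_RE.match(parsed.path):
        reasons.append("raw paste fetch")
    if not any(marker in user_agent for marker in BROWSER_UA_MARKERS):
        reasons.append("non-browser user agent")
    return "; ".join(reasons) if reasons else None


def find_dead_drop_fetches(lines):
    """Run the heuristic over an iterable of log lines and return the findings."""
    findings = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        timestamp, src_ip, url, user_agent = record
        reason = classify(url, user_agent)
        if reason:
            findings.append(Finding(timestamp, src_ip, url, user_agent, reason))
    return findings


# Constructed sample log; the IPs, paste ID and user agents are made up for the demo.
SAMPLE_LOG = [
    '2024-09-01T10:00:01Z 10.0.0.5 GET https://pastebin.com/raw/aBcD1234 ""',
    '2024-09-01T10:00:05Z 10.0.0.7 GET https://pastebin.com/aBcD1234 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/127.0 Safari/537.36"',
    '2024-09-01T10:00:09Z 10.0.0.9 GET https://www.example.com/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/129.0"',
    '2024-09-01T10:00:12Z 10.0.0.5 GET https://pastebin.com/raw/aBcD1234 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/127.0 Safari/537.36"',
    '2024-09-01T10:00:15Z 10.0.0.11 GET https://pastebin.com/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for f in find_dead_drop_fetches(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src_ip} {f.url} -> {f.reason}")
```

Both heuristics are deliberately loose: a browser can legitimately open a raw paste, and an empty user agent alone is common for scripted tooling. A request that trips both (raw endpoint plus non-browser client) is the high-confidence case; pair the rest with endpoint telemetry showing which process made the request before acting on it.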