Novel Quasar RAT variant deployed by Blind Eagle


The advanced persistent threat group Blind Eagle, also tracked as APT-C-36, APT-Q-98, and AguilaCiega, has deployed a new variant of the Quasar RAT backdoor, dubbed “BlotchyQuasar”, in intrusions against insurance organizations across Colombia, The Hacker News reports.

Blind Eagle’s attacks begin with phishing emails that spoof Colombia’s tax authority and lure recipients into clicking an embedded link. That link redirects to a ZIP archive hosted in a Google Drive folder, which leads to the execution of BlotchyQuasar, according to a Zscaler ThreatLabz analysis. Beyond keystroke logging, shell command execution, monitoring of banking and payment services, and exfiltration of browser and FTP client data, BlotchyQuasar retrieves its command-and-control domain by using Pastebin as a dead drop resolver, and it evades detection through the ConfuserEx and DeepSea obfuscation tools. “Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia. This attack demonstrates the continued use of this strategy,” said Zscaler ThreatLabz researcher Gaetano Pellegrino.
