Blind Eagle attacks target Latin America with RATs

August 21, 2024



Organizations and individuals from different sectors across several countries in Latin America, including Chile, Colombia, Ecuador, and Panama, have been targeted with spear phishing attacks by the Blind Eagle threat operation, also known as APT-C-36. The attacks lead to compromise with remote access trojans, including AsyncRAT, Remcos RAT, NjRAT, and BitRAT, reports The Hacker News.

Blind Eagle’s intrusions begin with phishing emails that spoof government and financial organizations. Their malicious attachments contain links that redirect, following geographical verification, to a website hosting a compressed ZIP archive that serves as the initial dropper, according to a Kaspersky report. The dropper then uses a Visual Basic Script to retrieve second-stage payloads from servers, which may include GitHub and Pastebin, before fetching the RATs, which were mostly executed through process hollowing. “As simple as BlindEagle’s techniques and procedures may appear, their effectiveness allows the group to sustain a high level of activity. By consistently executing cyber espionage and financial credential theft campaigns, Blind Eagle remains a significant threat in the region,” said Kaspersky.
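For defenders, the Visual Basic Script stage described above can be hunted by correlating a script host started on a .vbs file with a later connection from the same process to the hosting services named in the report. The following is an added example, not code from Kaspersky or The Hacker News; the event schema, host names, paths, and function names are constructed assumptions for illustration.

```python
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Hosting services the article names as possible second-stage locations.
STAGING_DOMAINS = ("github.com", "githubusercontent.com", "pastebin.com")

# Constructed events in a simplified, hypothetical schema (not a real product's format).
SAMPLE_EVENTS = [
    {"type": "process_create", "computer": "WS01", "pid": 4120,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\ana\AppData\Local\Temp\Temp1_aviso.zip\aviso.vbs"'},
    {"type": "network_connect", "computer": "WS01", "pid": 4120, "dest_host": "pastebin.com"},
    {"type": "process_create", "computer": "WS01", "pid": 5000,
     "image": r"C:\Program Files\Browser\browser.exe", "cmdline": "browser.exe"},
    {"type": "network_connect", "computer": "WS01", "pid": 5000, "dest_host": "github.com"},
    {"type": "process_create", "computer": "WS02", "pid": 4120,
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe //nologo C:\IT\inventory.vbs"},
    {"type": "network_connect", "computer": "WS02", "pid": 4120, "dest_host": "intranet.example"},
    {"type": "network_connect", "computer": "WS01", "pid": 4120,
     "dest_host": "raw.githubusercontent.com"},
]

def image_name(path):
    """File name of a Windows image path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def is_staging_host(host):
    """True for a listed domain or any subdomain of it (not mere substrings)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in STAGING_DOMAINS)

def find_script_staging(events):
    """Alert when a script host started on a .vbs file contacts a staging domain."""
    vbs_procs, alerts = {}, []
    for ev in events:
        key = (ev["computer"], ev["pid"])
        if ev["type"] == "process_create":
            if image_name(ev["image"]) in SCRIPT_HOSTS and ".vbs" in ev["cmdline"].lower():
                vbs_procs[key] = ev["cmdline"]
            else:
                vbs_procs.pop(key, None)  # PID reused by an unrelated process
        elif ev["type"] == "network_connect" and key in vbs_procs:
            if is_staging_host(ev["dest_host"]):
                alerts.append({"computer": ev["computer"], "pid": ev["pid"],
                               "dest_host": ev["dest_host"], "cmdline": vbs_procs[key]})
    return alerts

if __name__ == "__main__":
    for alert in find_script_staging(SAMPLE_EVENTS):
        print(alert)
```

The browser connection to github.com and the internal inventory script are left alone, because the rule requires both the script-host parent and the hosting-service destination on the same machine and process ID.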


