Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT


Sep 09, 2024 | Ravie Lakshmanan | Financial Security / Malware


The Colombian insurance sector has been the target of a threat actor tracked as Blind Eagle since June 2024, with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) called Quasar RAT.

"Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published last week.

The advanced persistent threat (APT), also known as AguilaCiega, APT-C-36, and APT-Q-98, has a track record of targeting organizations and individuals in South America, particularly those tied to the government and finance sectors in Colombia and Ecuador.


The attack chains, as recently documented by Kaspersky, begin with phishing emails that entice recipients into clicking on malicious links that serve as the launchpad for the infection process.

The links, either embedded within a PDF attachment or placed directly in the email body, point to ZIP archives hosted in a Google Drive folder associated with a compromised account belonging to a regional government organization in Colombia.

"The lure used by Blind Eagle involved sending a notification to the victim, claiming to be a seizure order due to outstanding tax payments," Pellegrino noted. "This is intended to create a sense of urgency and pressure the victim into taking immediate action."


The archive contains a Quasar RAT variant dubbed BlotchyQuasar, which adds extra layers of obfuscation using tools such as DeepSea or ConfuserEx to hinder analysis and reverse engineering. The variant was previously detailed by IBM X-Force in July 2023.

The malware includes capabilities to log keystrokes, execute shell commands, steal data from web browsers and FTP clients, and monitor a victim's interactions with specific banking and payment services located in Colombia and Ecuador.


It also uses Pastebin as a dead-drop resolver: the implant fetches a paste to learn the command-and-control (C2) domain, and the threat actor hosts that C2 domain on Dynamic DNS (DDNS) services, so the address behind the domain can be changed without touching the implant.

"Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia," Pellegrino said. "This attack demonstrates the continued use of this method."
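The dead-drop-resolver pattern described above leaves a recognizable sequence in web proxy logs: a host fetches a paste-site "raw" URL and shortly afterwards contacts a hostname under a Dynamic DNS provider. The following hunting script is an added example, not code from the Zscaler report or from the BlotchyQuasar sample; the log format, the sample log lines, and the list of DDNS suffixes are constructed assumptions (the suffixes are well-known public DDNS providers, not indicators from this campaign).

```python
"""Hunt for a paste-site fetch followed by a DDNS contact in proxy logs.

Added example (not from the original article). Log format is assumed:
"<ISO timestamp> <client IP> <METHOD> <URL>", one event per line.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: Pastebin "raw" URLs return plain text, the natural shape of a dead drop.
PASTE_RAW = re.compile(r"^https?://(?:www\.)?pastebin\.com/raw/[A-Za-z0-9]+", re.I)

# Assumed: a few public DDNS provider suffixes; extend from your own intel feeds.
DDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org",
                 "zapto.org", "sytes.net")

# How long after the paste fetch a DDNS contact still counts as related.
WINDOW = timedelta(minutes=10)

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "url": m["url"]}


def hostname(url):
    """Extract the lowercase host from a URL, dropping scheme, port and path."""
    return re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()


def is_ddns(host):
    """True when host is exactly a DDNS suffix or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)


def find_dead_drop_sequences(lines, window=WINDOW):
    """Return (src, paste_url, ddns_host) for every DDNS contact that follows a
    paste-raw fetch by the same source within `window`. Events are sorted by
    time first, so the input need not be ordered."""
    events = [ev for ev in map(parse_line, lines) if ev is not None]
    events.sort(key=lambda ev: ev["ts"])
    paste_fetches = defaultdict(list)  # src -> [(ts, paste_url), ...]
    hits = []
    for ev in events:
        if PASTE_RAW.match(ev["url"]):
            paste_fetches[ev["src"]].append((ev["ts"], ev["url"]))
            continue
        host = hostname(ev["url"])
        if not is_ddns(host):
            continue
        for ts, paste_url in paste_fetches[ev["src"]]:
            if timedelta(0) <= ev["ts"] - ts <= window:
                hits.append((ev["src"], paste_url, host))
    return hits


# Constructed sample log lines; hosts and paste IDs are placeholders, not IOCs.
SAMPLE_LOGS = [
    "2024-06-12T09:00:01 10.0.0.5 GET https://www.google.com/",
    "2024-06-12T09:01:15 10.0.0.5 POST https://update-check.duckdns.org/",
    "2024-06-12T09:01:10 10.0.0.5 GET https://pastebin.com/raw/AbCdEf12",
    "2024-06-12T09:30:00 10.0.0.7 GET https://pastebin.com/raw/Zz99Yy88",
    "2024-06-12T10:15:00 10.0.0.7 GET https://another.ddns.net/",   # too late
    "2024-06-12T09:05:00 10.0.0.9 GET https://legit.hopto.org/",    # no paste fetch
    "malformed line that should be ignored",
]

if __name__ == "__main__":
    for src, paste_url, host in find_dead_drop_sequences(SAMPLE_LOGS):
        print(f"{src}: fetched {paste_url} then contacted DDNS host {host}")
```

Only the first client is flagged: it fetched a paste and contacted a DDNS host five seconds later. The second client's DDNS contact falls outside the window, and the third never fetched a paste, which keeps ordinary DDNS users out of the alert. Tune the window and suffix list to your environment, and treat a hit as a lead for pulling the paste content and the resolved address, not as a conviction.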
