Our team of researchers are always on the lookout, analyzing the latest attacks to keep you informed. <\/p>\n\n\n\n
In this article, we\u2019re sharing some of the most recent threats our team has uncovered over the past month. Let\u2019s dive in and see what\u2019s out there! <\/p>\n\n\n\n
APT-C-36, aka BlindEagle, Campaign in LATAM <\/h2>\n\n\n\n
Original post on X<\/em><\/a><\/p>\n\n\n\n APT-C-36, better known as BlindEagle<\/strong>, is a group that has been actively targeting the LATAM region<\/strong> for years. Their primary goal? To gain remote control of victims’ devices through continuous phishing attacks, installing Remote Access Tools<\/a> (RATs)<\/strong> like Remcos<\/a> and AsyncRAT<\/a> for financial gain. <\/p>\n\n\n\n We discovered that in recent cases attackers invite victims to an online court hearing via email. This official-sounding invitation creates a sense of urgency, pushing the target to download the malicious payload. <\/p>\n\n\n\n You can view analysis<\/a> of this attack inside ANY.RUN\u2019s sandbox.<\/p>\n\n\n To deliver their malware, BlindEagle often relies on well-known online services, such as: <\/p>\n\n\n\n This tactic helps them bypass certain security filters since these services are typically trusted by users. <\/p>\n\n\n\n The malicious payload is stored in the archive, which is usually protected by a password that can be found in the initial email. <\/p>\n\n\n\n Thanks to ANY.RUN’s interactivity<\/a>, you can manually enter the password right inside the sandbox.<\/p>\n\n\n\n\nAttack details <\/h3>\n\n\n
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/apt36_intel-1024x576.jpeg\")
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/orig_email_phish-1024x576.jpeg\")
\n
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image4-4-1024x586.png\")
<\/figure>\n\n\n\n