Security is Everyone's Job
APT-C-36, also known as Blind Eagle, is another cyber espionage group that has been active since at least 2018.
The group is suspected of operating from South America, most likely Colombia, and mainly targets Colombian government institutions and major corporations in the financial, petroleum, and professional-manufacturing sectors.
Its operations have since expanded to other countries, including Ecuador, Chile, and Spain.
APT-C-36 relies on spear-phishing emails with malicious attachments or links to lure victims into downloading and executing its malware.
The group has impersonated Colombia's tax agency, the National Directorate of Taxes and Customs (DIAN), to trick recipients into opening fake invoices or tax documents.
It has also abused the Discord content delivery network (CDN) to host and deliver payloads, a legitimate service whose traffic is rarely blocked outright, which makes URL-based filtering harder.
APT-C-36 has used a range of malware frameworks and tools to compromise and spy on its targets, including Meterpreter, AsyncRAT, Imminent Monitor, and Fsociety.
These tools provide file collection, screenshot capture, keylogging, reverse shells, browser credential theft, system information gathering, audio and video capture, and resource hijacking.
To evade detection and analysis, the group has obfuscated its .NET payloads with ConfuserEx and delivered staged files in UUE (uuencode) form, so that a plain-text attachment or script carries an executable that signature-based scanners do not see as one.
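As an added example (written here, not taken from the article or from any APT-C-36 report), the following Python scans message text for uuencoded blocks like the UUE-encoded stages mentioned above, decodes them with the standard-library binascii module, and checks whether the decoded bytes start with the PE magic "MZ". The lure text, the attachment name factura.exe, and the PE-like payload are all constructed for illustration and are not real samples.

```python
import binascii
import re

# Constructed stand-in for a dropped executable: a PE-like "MZ" header plus
# filler. It is not a real sample from any APT-C-36 campaign.
SAMPLE_PAYLOAD = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 48
    + b"This program cannot be run in DOS mode.\r\n"
)

# Classic uuencode header: "begin <octal mode> <filename>"
UU_BEGIN = re.compile(r"^begin\s+[0-7]{3,4}\s+(\S+)\s*$")


def uuencode_bytes(data: bytes, name: str, mode: str = "644") -> str:
    """Build a uuencode text block (begin / 45-byte lines / ` / end).

    backtick=True writes zero bits as '`' instead of ' ', so trailing
    whitespace stripped by mail gateways cannot corrupt the block.
    """
    lines = [f"begin {mode} {name}"]
    for i in range(0, len(data), 45):
        chunk = binascii.b2a_uu(data[i:i + 45], backtick=True)
        lines.append(chunk.decode("ascii").rstrip("\n"))
    lines += ["`", "end"]
    return "\n".join(lines) + "\n"


def extract_uuencoded(text: str) -> list[tuple[str, bytes]]:
    """Return (declared filename, decoded bytes) for each uuencoded block.

    Decoding stops at the first malformed line, so a truncated or
    deliberately broken block is still reported with what was recovered.
    """
    found = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = UU_BEGIN.match(lines[i])
        if not m:
            i += 1
            continue
        name, buf = m.group(1), bytearray()
        i += 1
        while i < len(lines) and lines[i].strip() != "end":
            line = lines[i]
            i += 1
            if not line or line == "`":
                continue  # blank or terminator line carries no data
            try:
                buf += binascii.a2b_uu(line)
            except binascii.Error:
                break
        found.append((name, bytes(buf)))
        i += 1  # step past the "end" line
    return found


def looks_like_pe(data: bytes) -> bool:
    """Cheap triage check: Windows executables start with the 'MZ' magic."""
    return data[:2] == b"MZ"


def scan_message(text: str) -> list[dict]:
    """Decode every uuencoded block and flag those that decode to a PE."""
    return [
        {"name": name, "size": len(blob), "pe": looks_like_pe(blob)}
        for name, blob in extract_uuencoded(text)
    ]


# Constructed lure text in the style of the DIAN-themed phishing described
# above; the attachment name "factura.exe" is hypothetical.
SAMPLE_MESSAGE = (
    "Subject: Factura electronica pendiente\n\n"
    "Adjunto encontrara su factura.\n\n"
    + uuencode_bytes(SAMPLE_PAYLOAD, "factura.exe")
    + "\nCordialmente,\nMesa de ayuda\n"
)

if __name__ == "__main__":
    for hit in scan_message(SAMPLE_MESSAGE):
        print(hit)
```

The same decoder is useful when triaging a dropper that carries its next stage as a uuencoded string: pull the text out, run it through extract_uuencoded, and hash or detonate the result rather than the wrapper.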
For command and control (C2), APT-C-36 has relied on dynamic DNS services such as DuckDNS, which let the operators repoint a hostname at a new server without registering a fresh domain.
The group has also carried C2 traffic over non-standard ports, such as port 4050, which is a useful detection pivot because few legitimate applications need egress on such ports.
Across its campaigns the group has shown consistent tactics, techniques, and procedures (TTPs) while continuously updating and improving its toolkit.
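To turn those two C2 indicators into a detection, here is an added Python example (written here, not from the article or any vendor report) that correlates DuckDNS lookups with later outbound connections on port 4050 across constructed Zeek-style dns.log and conn.log excerpts. The hostnames, addresses, simplified column layout, and the severity scale are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Dynamic DNS providers to flag. DuckDNS comes from the campaign description;
# the list is deliberately short (assumption: extend it for your environment).
DDNS_SUFFIXES = ("duckdns.org",)
# Non-standard C2 port named in the campaigns described above.
SUSPECT_PORTS = {4050}
# Classify destinations with explicit RFC 1918 ranges; ipaddress.is_private
# would also mark the TEST-NET documentation addresses used below as private.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed Zeek-style log excerpts (tab-separated, simplified columns);
# these are not real captures.
# dns.log columns: ts, client, query, qtype, answer
DNS_LOG = """\
1700000000.1\t10.0.0.5\tfacturas-dian.duckdns.org\tA\t203.0.113.77
1700000001.2\t10.0.0.5\twww.example.com\tA\t93.184.216.34
1700000002.3\t10.0.0.9\tupdates.example.net\tA\t198.51.100.20
"""
# conn.log columns: ts, src, dst, dport, proto
CONN_LOG = """\
1700000003.0\t10.0.0.5\t203.0.113.77\t4050\ttcp
1700000004.0\t10.0.0.5\t93.184.216.34\t443\ttcp
1700000005.0\t10.0.0.9\t198.51.100.20\t4050\ttcp
1700000006.0\t10.0.0.9\t10.0.0.1\t4050\ttcp
"""


def _records(log: str):
    """Yield the tab-separated fields of each non-empty, non-comment line."""
    for line in log.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split("\t")


def is_ddns(hostname: str) -> bool:
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(dns_log: str, conn_log: str) -> list[dict]:
    """Correlate DDNS lookups with later egress on suspect ports."""
    alerts = []
    # (client, resolved IP) -> set of DDNS names that resolved to it
    ddns_answers = defaultdict(set)
    for ts, client, query, qtype, answer in _records(dns_log):
        if is_ddns(query):
            ddns_answers[(client, answer)].add(query)
            alerts.append({"ts": float(ts), "host": client, "rule": "ddns_query",
                           "severity": "low", "detail": query})
    for ts, src, dst, dport, proto in _records(conn_log):
        if is_internal(dst):
            continue  # only egress matters for C2
        port = int(dport)
        names = ddns_answers.get((src, dst), set())
        if port in SUSPECT_PORTS and names:
            # Same host resolved a DDNS name, then connected to that address
            # on a non-standard port: both indicators line up.
            alerts.append({"ts": float(ts), "host": src, "rule": "ddns_c2",
                           "severity": "high",
                           "detail": f"{proto}/{port} to {dst} via {sorted(names)}"})
        elif port in SUSPECT_PORTS:
            alerts.append({"ts": float(ts), "host": src, "rule": "nonstandard_port",
                           "severity": "medium", "detail": f"{proto}/{port} to {dst}"})
        elif names:
            alerts.append({"ts": float(ts), "host": src, "rule": "ddns_connection",
                           "severity": "medium",
                           "detail": f"{proto}/{port} to {dst} via {sorted(names)}"})
    return alerts


if __name__ == "__main__":
    for a in detect(DNS_LOG, CONN_LOG):
        print(a["severity"], a["host"], a["rule"], a["detail"])
```

A DDNS lookup on its own is low confidence (plenty of legitimate hobby services use DuckDNS), a bare connection to port 4050 is medium, and the two together from one host, to the address the DDNS name resolved to, is what should page someone. In production the same join is a SIEM query over real Zeek or firewall logs rather than an in-memory dictionary.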