Security is Everyone's Job


APT-C-36, also known as Blind Eagle, is another cyber espionage group that has been active since at least 2018

This group is suspected to be linked to South America, possibly Colombia, and mainly targets Colombian government institutions and important corporations in the financial sector, petroleum industry, and professional manufacturing

They have also expanded their operations to other countries, such as Ecuador, Chile, and Spain

Attack methods

APT-C-36 uses spear phishing emails with malicious attachments or links to lure their victims into downloading and executing their malware

They have impersonated the Colombian government tax agency, the National Directorate of Taxes and Customs (DIAN), to trick the recipients into opening fake invoices or tax documents

They have also abused the Discord content delivery network (CDN) to host and deliver their payloads

APT-C-36 has used various malware frameworks and tools to compromise and spy on their targets, such as Meterpreter, AsyncRAT, Imminent Monitor, and Fsociety

These malware have capabilities such as file collection, screenshots, keylogging, reverse shell, browser stealing, system information gathering, audio and video capture, and resource hijacking

They have also used obfuscation techniques, such as ConfuserEx and UUE encoding, to evade detection and analysis

APT-C-36 has used dynamic DNS services, such as DuckDNS, to communicate with their command and control (C2) servers

They have also used non-standard ports, such as port 4050, for their C2 communications

They have shown consistent tactics, techniques, and procedures (TTPs) throughout their campaigns, as well as continuous updates and improvements to their toolkit