Blind Eagle (APT-C-36), a notorious Latin American threat group, has been actively targeting Colombia’s justice system, government bodies, and private firms through sophisticated cyber campaigns. The group quickly adapted to exploit the CVE-2024-43451 vulnerability just six days after Microsoft released a patch, demonstrating their ability to weaponize security updates. Blind Eagle effectively evades traditional defenses by using trusted platforms like Google Drive, Dropbox, and GitHub to host and distribute malware, making detection difficult. Their latest tactic involves weaponized .url files that passively track victims via WebDAV requests and actively deliver Remcos RAT, a powerful malware that enables complete system control. This evolving strategy highlights the urgent need for proactive security measures, including accelerated patch management, AI-driven threat detection, and continuous network monitoring. Continue here.
