APT ‘Blind Eagle’ Targets Colombian Government

Cyber threats continue to evolve, and one group making headlines for its persistent attacks is Blind Eagle, also known as APT-C-36. This notorious hacking group has been actively targeting the Colombian government and various industries since at least 2018. Their operations, which have expanded to countries like Ecuador, Chile, and even Spain, are marked by a mix of sophisticated phishing campaigns and exploitation of newly discovered vulnerabilities.

How Blind Eagle Operates

Blind Eagle relies heavily on social engineering and phishing attacks to infiltrate systems. They often disguise themselves as Colombian government agencies—particularly the country’s tax authority, DIAN (National Directorate of Taxes and Customs)—to trick victims into downloading malicious files or clicking dangerous links.

Initially, their go-to method involved sending spear-phishing emails loaded with malware such as NjRAT, AsyncRAT, and Remcos, which granted them remote access to compromised devices. But in recent times, they have upped their game, swiftly adapting to new security loopholes and refining their attack strategies.

Exploiting New Vulnerabilities

In early 2025, Blind Eagle took advantage of CVE-2024-43451, a vulnerability in Windows NTLM authentication, just six days after it was publicly disclosed. This quick turnaround demonstrates their ability to stay ahead of cybersecurity defenses, making them a serious threat to government agencies and businesses.

One of their more devious tactics is embedding malicious .URL files in their phishing emails. When clicked, these files initiate WebDAV requests that download malware onto the victim’s system. Even users who had patched their software against known threats weren’t safe from these innovative exploits.
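As an added example (not from this article or from any vendor report), here is a small Python check a defender can run over inbound attachments: it parses a Windows Internet Shortcut (.URL) file and flags any target that would make Windows reach a remote share over SMB or WebDAV instead of opening a browser. The sample shortcut files and the 203.0.113.10 address are constructed for the demo.

```python
"""Flag .URL shortcuts whose target points at a remote SMB/WebDAV share.
Added example; sample inputs are constructed, not real campaign files."""
import configparser
import re
from urllib.parse import urlparse

# UNC path: \\host\share\...   (also covers \\host@port\DavWWWRoot\...)
UNC_RE = re.compile(r"^\\\\[^\\]+\\")
# WebDAV redirector hints that may appear without a leading \\
DAV_HINT_RE = re.compile(r"(@\d+\\|davwwwroot)", re.IGNORECASE)


def parse_url_file(text: str) -> dict:
    """Parse the INI-style [InternetShortcut] section; {} if malformed."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    if "InternetShortcut" not in cp:
        return {}
    return dict(cp["InternetShortcut"].items())  # keys are lowercased


def classify_target(target: str) -> str:
    """'remote-share' if Windows would fetch it over SMB/WebDAV,
    'web' for http(s), 'local-file' for local file://, else 'other'."""
    t = target.strip()
    if UNC_RE.match(t):
        return "remote-share"
    parsed = urlparse(t)
    if parsed.scheme in ("http", "https"):
        return "web"
    if parsed.scheme == "file":
        return "local-file" if parsed.netloc in ("", "localhost") else "remote-share"
    if DAV_HINT_RE.search(t):
        return "remote-share"
    return "other"


def scan_url_file(text: str) -> list:
    """Return one finding per field (URL, IconFile, WorkingDirectory)
    that resolves to a remote share; an empty list means nothing flagged."""
    fields = parse_url_file(text)
    findings = []
    for key in ("url", "iconfile", "workingdirectory"):
        if key in fields and classify_target(fields[key]) == "remote-share":
            findings.append(f"{key} points to remote share: {fields[key]}")
    return findings


# Constructed samples: a benign web shortcut and one that reaches a remote share.
BENIGN_URL_FILE = "[InternetShortcut]\nURL=https://www.dian.gov.co/\n"
SUSPICIOUS_URL_FILE = ("[InternetShortcut]\n"
                       "URL=file://203.0.113.10/dav/documento.pdf\n"
                       "IconFile=\\\\203.0.113.10@80\\DavWWWRoot\\icon.ico\n")
```

Because the icon path is resolved by Explorer when the file is merely rendered, the IconFile field deserves the same scrutiny as the URL field.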

Large-Scale Attacks in 2024-2025

Between November 2024 and March 2025, Blind Eagle launched one of its most extensive cyberattacks, compromising over 1,600 victims in Colombia alone. Their targets included:

  • Government agencies handling sensitive national data
  • Financial institutions such as banks and online payment systems
  • Petroleum and manufacturing industries
  • Health and law enforcement organizations

A particularly disturbing aspect of this attack was the theft of personal information, including usernames, passwords, and even ATM PINs, raising concerns over identity theft and financial fraud.

Evasion Tactics: Staying Under the Radar

Blind Eagle knows how to blend in and make their attacks harder to detect. They have been using legitimate platforms like GitHub and Bitbucket to distribute malware. By hosting malicious files on these well-known services, they avoid immediate suspicion and can bypass traditional security filters.

The Impact on Colombia’s National Security

The cyberattacks by Blind Eagle pose a serious national security threat to Colombia. By compromising critical industries and government agencies, they could disrupt essential services. Some experts believe these attacks may have political motives, given that some of the affected organizations were involved in peace negotiations and law enforcement.

The scale of the data breach also highlights how vulnerable both organizations and individuals are to cyberattacks. When hackers gain access to sensitive personal data, the consequences can range from financial fraud to espionage.

How Organizations Can Protect Themselves

With hacking groups like Blind Eagle constantly evolving, strong cybersecurity measures are more important than ever. Here’s how companies and government agencies can defend themselves:

  1. Strengthen Email Security: Advanced phishing detection tools and employee training can help reduce the chances of falling for these scams.
  2. Keep Systems Updated: Regularly updating software and patching known vulnerabilities can prevent hackers from exploiting security loopholes.
  3. Monitor Network Activity: Detecting unusual access patterns early can prevent a full-scale breach.
  4. Implement Access Controls: Applying the principle of least privilege ensures that only authorized personnel can access critical systems.
  5. Have an Incident Response Plan: A well-structured cybersecurity incident response strategy can minimize damage in case of an attack.

Final Thoughts

Blind Eagle continues to be a formidable cyber threat, especially in Colombia and other parts of Latin America. Their ability to quickly adapt to new security vulnerabilities and use deceptive social engineering tactics makes them one of the most persistent hacking groups in the region.

Organizations must stay vigilant, proactively enhance their cybersecurity defenses, and educate employees on how to spot phishing attempts. In today’s digital world, staying ahead of cybercriminals is a never-ending battle, but with the right measures in place, it’s a battle that can be won.
