Colombian Institutions Under Siege: Blind Eagle Exploits NTLM Flaw, RATs & GitHub Attacks
TL;DR
The threat actor Blind Eagle has been actively targeting Colombian institutions since November 2024, exploiting an NTLM flaw and using Remote Access Trojans (RATs) alongside GitHub-based attacks. Over 1,600 victims have been affected in these campaigns.
Blind Eagle’s Ongoing Cyber Attacks on Colombian Institutions
The threat actor known as Blind Eagle has been conducting a series of ongoing cyber campaigns targeting Colombian institutions and government entities since November 2024. According to a new analysis by Check Point, these campaigns have primarily focused on Colombian judicial institutions and other government or private organizations, resulting in high infection rates.
Extent of the Attacks
Over 1,600 victims were affected during one of these campaigns, highlighting the severity and reach of Blind Eagle’s operations. The attacks have been characterized by their sophisticated use of various cyber weapons, including:
- NTLM Flaw Exploitation: Blind Eagle has been exploiting a vulnerability in the NTLM (NT LAN Manager) authentication protocol to gain unauthorized access to systems.
- Remote Access Trojans (RATs): These trojans allow the attacker to control infected systems remotely, exfiltrate data, and maintain persistent access.
- GitHub-Based Attacks: The threat actor has utilized GitHub as a platform to host and distribute malicious payloads, making detection and mitigation more challenging.
Implications and Impact
The sustained nature of these attacks underscores the significant threat posed by Blind Eagle to Colombian cybersecurity. The combination of exploiting known vulnerabilities and leveraging widely used platforms like GitHub demonstrates the group’s adaptability and resourcefulness.
Conclusion
The ongoing campaigns by Blind Eagle serve as a stark reminder of the evolving cyber threat landscape. Organizations must remain vigilant and proactive in their cybersecurity measures to protect against such sophisticated attacks.