
Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT


Sep 09, 2024 | Ravie Lakshmanan | Financial Security / Malware

The Colombian insurance sector has been targeted since June 2024 by a threat actor tracked as Blind Eagle, with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) referred to as Quasar RAT.

“Attacks have originated with phishing emails impersonating the Colombian tax authority,” Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published last week.

The advanced persistent threat (APT), also known as AguilaCiega, APT-C-36, and APT-Q-98, has a track record of focusing on organizations and individuals in South America, particularly related to the government and finance sectors in Colombia and Ecuador.


The attack chains, as recently documented by Kaspersky, originate with phishing emails that entice recipients into clicking on malicious links that serve as the launchpad for the infection process.

The links, either embedded within a PDF attachment or directly in the email body, point to ZIP archives hosted on a Google Drive folder associated with a compromised account that belongs to a regional government organization in Colombia.

“The lure used by Blind Eagle involved sending a notification to the victim, claiming to be a seizure order due to outstanding tax payments,” Pellegrino noted. “This is intended to create a sense of urgency and pressure the victim into taking immediate action.”

The archive contains a Quasar RAT variant dubbed BlotchyQuasar, which adds further layers of obfuscation using tools such as DeepSea or ConfuserEx to hinder analysis and reverse engineering. The variant was previously detailed by IBM X-Force in July 2023.

The malware includes capabilities to log keystrokes, execute shell commands, steal data from web browsers and FTP clients, and monitor a victim’s interactions with specific banking and payment services located in Colombia and Ecuador.

It also uses Pastebin as a dead drop resolver to fetch the command-and-control (C2) domain, which the threat actor hosts using Dynamic DNS (DDNS) services.
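The dead-drop pattern described above leaves a recognisable sequence in web proxy logs: a client fetches a raw Pastebin page and shortly afterwards contacts a name on a dynamic-DNS service. The following detection sketch is an added example, not code from the Zscaler analysis; the log lines are constructed, the log format and the list of DDNS suffixes are assumptions, and the actual paste and C2 names used by Blind Eagle are not on this page.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log (not from the Zscaler report): "<ISO time> <client> <dst host> <path>"
SAMPLE_LOG = """\
2024-06-12T09:14:02 ws-finance-07 pastebin.com /raw/EXAMPLE1
2024-06-12T09:14:05 ws-finance-07 filial-contable.duckdns.org /
2024-06-12T09:20:11 ws-hr-03 pastebin.com /raw/EXAMPLE2
2024-06-12T11:45:00 ws-hr-03 backup-srv.ddns.net /
2024-06-12T12:00:00 ws-it-01 cam-office.no-ip.org /
"""

# Assumed dynamic-DNS suffixes; the report only says the C2 domain sat on "DDNS services".
DDNS_SUFFIXES = ("duckdns.org", "ddns.net", "no-ip.org", "dyndns.org", "hopto.org")
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (time, client, host, path) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, client, host, path = m.groups()
            yield datetime.fromisoformat(ts), client, host.lower(), path


def is_ddns(host):
    """True if the host name is on one of the assumed dynamic-DNS suffixes."""
    return any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)


def find_dead_drop_sequences(text, window=timedelta(minutes=10)):
    """Return (client, paste_path, ddns_host) for each client that fetched a raw
    Pastebin page and then contacted a DDNS-hosted name within `window`."""
    events = sorted(parse_log(text))  # chronological order; tuples sort on time first
    hits = []
    for i, (t0, client, host, path) in enumerate(events):
        if host != "pastebin.com" or not path.startswith("/raw/"):
            continue
        # Look forward from the paste fetch for a DDNS contact by the same client.
        for t1, c1, h1, _ in events[i + 1:]:
            if t1 - t0 > window:
                break  # later events are outside the window, stop scanning
            if c1 == client and is_ddns(h1):
                hits.append((client, path, h1))
                break
    return hits


if __name__ == "__main__":
    for client, paste, c2 in find_dead_drop_sequences(SAMPLE_LOG):
        print(f"{client}: fetched {paste} then contacted DDNS host {c2}")
```

Only ws-finance-07 is flagged: ws-hr-03's DDNS contact falls outside the ten-minute window and ws-it-01 never touched Pastebin, so a lone DDNS lookup alone does not raise an alert.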

“Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia,” Pellegrino said. “This attack demonstrates the continued use of this strategy.”
