Not so long ago, reports began to receive that the BLIND EAGLE Spanish-speaking group (tracking as the Apt-C-36) returned to the cybercrower arena and brought with it an updated set of hacker tools, as well as one of the most complex chains of infection in history Cyberataks aimed at Colombian and Ecuadorian organizations. About all this told researchers from Check Point in their last report.
Banks of Ecuador, Spain and Panama were the victims of the phishing attacks of the attackers:
BANCO AV Villas
Banco Caja Social
Banco de Bogotá
BANCO Popular
Bancoomeva
bbva
colpatria
davivienda
Transunion
It is known that hackers interrupt the attack if their victim is outside Columbia. Similarly, they act in the course of another malicious campaign, where they impersonate the tax service of Ecuador. True, in the latter case, Blind Eagle does not just unfold Trojan in the victim’s system, but conducts a much more cunning and complex attack using a VBS script built into the HTML file. Two scenarios written on Python:
- are loaded through this script.
byav2.py
mp.py
As experts say, Blind Eagle is not going to stop and continue its attacks to earn even more money on careless victims.