Manufacturing organizations across North America have been targeted by the financially motivated threat group Blind Eagle, also known as APT-C-36, in new attacks that use the Ande Loader malware to deliver remote access trojans, reports The Hacker News.
The Ande Loader attacks begin with phishing emails carrying RAR and BZ2 archives: the RAR archives lead to the deployment of Remcos RAT, while the BZ2 archives lead to the distribution of NjRAT, according to a report from eSentire. Blind Eagle has also used crypters developed by Roda and Pjoao1578 in its intrusions, researchers said. "One of the crypters developed by Roda has the hardcoded server hosting both injector components of the crypter and additional malware that was used in the Blind Eagle campaign," researchers added. The findings follow a recent SonicWall report detailing how the latest DBatLoader malware variant exploits a driver associated with the RogueKiller AntiMalware software to distribute Remcos RAT.