Malware, Threat Intelligence

Novel Quasar RAT variant deployed by Blind Eagle

System hacked warning alert on laptop computer. Cyber attack on computer network, virus, spyware, malware or malicious software. Cyber security and cybercrime concept. System security technology (3)

Advanced persistent threat operation Blind Eagle, also known as APT-C-36, APT-Q-98, and AguilaCiega, has deployed a new variant of the Quasar RAT backdoor dubbed "BlotchyQuasar" in intrusions against insurance organizations across Colombia, The Hacker News reports.

Blind Eagle's attacks commence with the distribution of Colombia tax authority-spoofing phishing emails luring recipients into clicking embedded links redirecting to a Google Drive folder-hosted ZIP archive that facilitates BlotchyQuasar execution, according to a Zscaler ThreatLabz analysis. Aside from facilitating keystroke logging, shell command execution, banking and payment service monitoring, and browser and FTP client data exfiltration, BlotchyQuasar also enabled command-and-control domain retrieval through the usage of Pastebin as a dead drop resolver while bypassing detection through the ConfuserEx and DeepSea tools. "Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia. This attack demonstrates the continued use of this strategy," said Zscaler ThreatLabz researcher Gaetano Pellegrino.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds