Blind Eagle is a threat actor group that utilizes Proton66’s bulletproof hosting and outdated VBS scripts to conduct multi-stage cyberattacks targeting South American organizations, especially in Colombia. The group employs phishing, remote access trojans, and botnet control panels to steal data and maintain persistent access, even after patches.
Key points
- Blind Eagle is linked to hosting provider Proton66, which facilitates its malicious activities.
- The group uses dynamic DNS services and rotated subdomains to avoid detection.
- Its attacks mainly target Colombian banks and financial institutions through phishing pages.
- VBS scripts act as loaders for remote access trojans and are a key part of the attack chain.
- Despite patching efforts, Blind Eagle persists by adapting its tactics and exploiting vulnerabilities.
Read More: https://thehackernews.com/2025/06/blind-eagle-uses-proton66-hosting-for.html