Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have identified five activity clusters linked to the threat actor Blind Eagle, primarily targeting Colombian government agencies and other sectors from May 2024 to July 2025. The group employs tactics such as spear-phishing, remote access trojans (RATs), and the use of legitimate internet services for staging, reflecting both espionage and financially motivated operations. #BlindEagle #TAG144

Key points

  • Blind Eagle has conducted targeted campaigns mainly against Colombian government and related sectors.
  • The threat group employs spear-phishing, malicious documents, and URL shorteners to infect victims.
  • They use open-source and cracked RATs like Lime RAT, DCRat, and Remcos for remote access and control.
  • Their infrastructure includes Colombian ISP IPs, VPS, VPNs, and legitimate internet services for staging malicious payloads.
  • Analysis revealed five distinct activity clusters with consistent tactics and evolving malware deployment.

Read More: https://thehackernews.com/2025/08/blind-eagles-five-clusters-target.html