Cyber-Threat Alert: Blind Eagle Strikes Spanish-Speaking Businesses

The cybercriminal collective known as Blind Eagle has intensified its attacks on Spanish-speaking users, particularly those employed in the manufacturing sector of North America.

To disseminate malware, the hackers have adopted a novel type of downloader named Ande Loader. The aim of these attacks is the delivery of Remote Access Trojans (RATs), including well-known examples such as Remcos and NjRAT.

According to the Canadian cybersecurity firm eSentire, the attackers use phishing emails carrying RAR and BZ2 archives as the entry point of the infection chain. The password-protected archives contain a Visual Basic Script (VBScript) file that establishes persistence on the victim's system and launches Ande Loader, which in turn deploys the Remcos RAT.

In an alternative attack variant observed by specialists, the perpetrators use a Discord link to distribute a BZ2 archive, which launches Ande Loader to deliver NjRAT instead of Remcos RAT.
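One defender-side triage check for the archive-wrapped-script chain described in the two paragraphs above (BZ2 or RAR attachment, VBScript inside), written as an added example rather than eSentire's or any product's code. The VBScript marker list, the RAR4 header layout check and every sample attachment are assumptions constructed here; verdicts are driven by magic bytes, not by the attachment's displayed filename.

```python
import bz2
from email.message import EmailMessage

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
BZ2_MAGIC = b"BZh"
# Tokens found in nearly every VBScript dropper stage; matched case-insensitively (assumed list).
VBS_MARKERS = (b"createobject(", b"wscript.shell", b"execute(", b"wscript.sleep")


def rar4_headers_encrypted(data: bytes) -> bool:
    """RAR4 main header follows the 7-byte signature: CRC(2) TYPE(1)=0x73 FLAGS(2) SIZE(2).
    Flag 0x0080 marks encrypted headers: the file list cannot be read without the password."""
    if not data.startswith(RAR4_MAGIC) or len(data) < 14 or data[9] != 0x73:
        return False
    return bool(int.from_bytes(data[10:12], "little") & 0x0080)


def classify_attachment(data: bytes) -> str:
    """Verdict for one attachment body; magic bytes decide, never the displayed filename."""
    if data.startswith(BZ2_MAGIC):
        try:
            inner = bz2.decompress(data).lower()
        except (OSError, ValueError):
            return "bz2-corrupt"
        return "bz2-wrapped-vbscript" if any(m in inner for m in VBS_MARKERS) else "bz2-archive"
    if data.startswith(RAR5_MAGIC):
        return "rar5-archive"  # different header layout; hand to sandbox detonation
    if data.startswith(RAR4_MAGIC):
        return "rar4-encrypted-headers" if rar4_headers_encrypted(data) else "rar4-archive"
    return "clean"


def triage(msg: EmailMessage) -> list[tuple[str, str]]:
    """Classify every attachment of a parsed message."""
    return [(p.get_filename() or "<unnamed>", classify_attachment(p.get_payload(decode=True)))
            for p in msg.iter_attachments()]


def build_sample() -> EmailMessage:
    """Constructed mail: a BZ2 archive holding a VBScript stub and a RAR4 header stub (flag 0x0080 set)."""
    vbs_stub = b'Set sh = CreateObject("WScript.Shell")\r\n\' constructed stub, no further logic\r\n'
    rar_stub = RAR4_MAGIC + b"\x00\x00\x73" + (0x0080).to_bytes(2, "little") + b"\x0d\x00"
    msg = EmailMessage()
    msg["Subject"] = "Documento adjunto"
    msg.set_content("Se adjunta el documento solicitado.")
    msg.add_attachment(bz2.compress(vbs_stub), maintype="application", subtype="x-bzip2",
                       filename="Documento.pdf.bz2")
    msg.add_attachment(rar_stub, maintype="application", subtype="vnd.rar", filename="Documentos.rar")
    return msg
```

A password-protected RAR cannot be opened by the gateway, so the practical outcome of a `rar4-encrypted-headers` or `rar5-archive` verdict is quarantine plus sandbox detonation rather than content inspection.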

eSentire notes that the Blind Eagle group uses dedicated crypters to disguise its malicious components, written by developers operating under the aliases Roda and Pjoao1578. Among these, the researchers single out the FuckCrypt and UpCry programs.

In sum, the Blind Eagle group has widened the geography of its attacks and refined its malware delivery methods, targeting industrial enterprises while actively employing sophisticated means of evading security controls.

To avoid such attacks, companies need to implement multilayered protection measures, including advanced solutions for monitoring endpoints, network traffic, and cloud activity.

Furthermore, it is crucial to regularly conduct cybersecurity training for employees to counteract social engineering and phishing attacks, often the initial point of intrusion.

Only a comprehensive approach to cybersecurity, combining protective measures, monitoring, and increased awareness, can ensure enterprises’ resilience against modern cyber threats.