Full Report
Blind Eagle hackers linked to Russian host Proton66 to target banks in Latin America using phishing and RATs. Trustwave urges stronger security.
Analysis Summary
# Threat Actor: Blind Eagle
## Attribution & Identity
The threat actor is identified as **Blind Eagle**. They are linked to the use of infrastructure hosted by the Russian entity **Proton66**.
## Activity Summary
Blind Eagle has been observed targeting banks in Latin America using phishing and Remote Access Trojans (RATs).
## Tactics, Techniques & Procedures
- Phishing
- Use of Remote Access Trojans (RATs)
## Targeting
- Sectors: Banks/Financial Sector
- Geography: Latin America
- Victims: Not specified, but targeting financial institutions.
## Tools & Infrastructure
- Malware families used: Remote Access Trojans (RATs)
- Infrastructure (C2, domains, IPs - defang URLs): Infrastructure linked to Russian host **Proton66**.
## Implications
Blind Eagle presents a direct threat to the financial infrastructure in Latin America, leveraging established Russian hosting infrastructure for their operations. This suggests a focused, likely financially-motivated campaign targeting high-value assets in the region.
## Mitigations
- Trustwave has urged stronger security measures (specific recommendations are not detailed in the text but general security improvements are implied).
- Increased vigilance against spear-phishing campaigns.
- Robust deployment and monitoring of Endpoint Detection and Response (EDR) solutions capable of detecting RAT activity.