Blind Eagles North American Journey
The eSentire Threat Response Unit (TRU) recently observed the Blind Eagle threat actor targeting the manufacturing industry in North America. The actor used phishing emails containing malicious VBS files that delivered the Ande Loader which then deployed Remcos RAT and NjRAT payloads. Technical analysis shows Blind Eagle leveraging crypters developed by threat actors known as Roda and Pjoao1578. The campaign targeted Spanish-speaking users at manufacturing companies. eSentire recommends implementing EDR solutions and security awareness training to help defend against Blind Eagle.