VERY IMPORTANT

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google Drive accounts. BlotchyQuasar, a variant of QuasarRAT, is heavily obfuscated and capable of keylogging, stealing credentials, and monitoring banking activities. The malware communicates with command and control servers using dynamic DNS services and VPNs. This campaign demonstrates BlindEagle's continued focus on South American targets, particularly in Colombia, using tax-related lures and customized malware variants.