Dark Web Profile: BlindEagle
ID: 7e28615d-7493-5409-8e53-a2b578b25a59
STIX ID: report--7e28615d-7493-5409-8e53-a2b578b25a59
Feed Name: SOCRadar Blog
BlindEagle (APT-C-36) is a South American–based hybrid espionage and cybercrime actor active since 2018. It uses culturally tailored, geofenced spear-phishing and commodity RATs (AsyncRAT, Remcos, njRAT, Quasar variants, DCRAT, etc.) to target Colombian government, judiciary, and regional banks. The report documents multi-stage droppers, process hollowing, rotating loaders/crypters, observed C2 and hosting infrastructure, and an exposed HTML containing thousands of stolen PII entries, indicating persistent region-focused operations with significant operational discipline.
