APT-C-36: Latin America’s Persistent Cyber-Espionage Force
ID: 4d121bd3-ab9f-5857-835a-b00b9e649587
STIX ID: report--4d121bd3-ab9f-5857-835a-b00b9e649587
Feed Name: Brandefense Blog
APT-C-36 (aka Blind Eagle) is a Latin America–focused cyber-espionage actor, active since 2018, that blends political intelligence collection with financially motivated theft. It primarily uses spearphishing (impersonating tax, legal, and telecom authorities), PowerShell-based loaders, and commodity RATs (AsyncRAT, QuasarRAT, njRAT, BitRAT) to gain access, persist via scheduled tasks and registry changes, and exfiltrate credentials and documents from government and financial institutions across South America. The report outlines observed campaigns from 2023–2025 and the actor's OPSEC and infrastructure rotation tactics, and recommends localized user awareness, behavioral detection, network segmentation/Zero Trust, and regional intelligence sharing to mitigate the threat.
