Blind Eagle: …And Justice for All - Check Point Research
Blind Eagle, an APT group, has been targeting Colombian institutions and government entities since November 2024 using malicious .url files. These files, while not exploiting CVE-2024-43451, trigger WebDAV requests and download next-stage payloads, often Remcos RAT, via GitHub or BitBucket. The group’s campaigns, utilizing legitimate file-sharing platforms, have high infection rates, with over 1,600 victims in one campaign.
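A triage check for the delivery mechanism described above, as an added example that is not code from the Check Point report: it parses a `.url` shortcut and flags fields that point at a remote UNC or WebDAV location. The field list, the classification heuristics and the sample shortcuts (using the 192.0.2.0/24 documentation range) are assumptions constructed for illustration, not indicators from the campaign.

```python
import re

# Shortcut fields that Windows may resolve as a path (assumed watch list).
FIELDS = {"url", "iconfile", "workingdirectory"}
DRIVE = re.compile(r"^[a-z]:", re.I)

def classify_target(value):
    """Return 'webdav', 'unc' or None for a single field value."""
    v = value.strip()
    if v.lower().startswith("file:"):
        # file://host/share and file:///C:/x differ only after the slashes.
        rest = v[5:].replace("/", "\\").lstrip("\\")
        if DRIVE.match(rest):
            return None                      # local drive path
        v = "\\\\" + rest
    elif not v.startswith("\\\\"):
        return None                          # http(s) or relative target
    host = v[2:].split("\\", 1)[0]
    # WebDAV UNC syntax carries a port or SSL marker: \\host@8080\share
    if "@" in host or "davwwwroot" in v.lower():
        return "webdav"
    return "unc"

def scan_url_file(text):
    """Return (field, kind, value) for each remote target in a .url file."""
    findings, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "internetshortcut" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        kind = classify_target(value) if key in FIELDS else None
        if kind:
            findings.append((key, kind, value.strip()))
    return findings

# Constructed samples, not taken from the campaign.
SAMPLE_SUSPICIOUS = r"""[InternetShortcut]
URL=file://192.0.2.10@8080/share/doc.exe
IconFile=\\192.0.2.10@8080\share\icon.ico
IconIndex=0"""
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://example.com/\n"

if __name__ == "__main__":
    for finding in scan_url_file(SAMPLE_SUSPICIOUS):
        print(finding)
```

A hit on `IconFile` matters as much as one on `URL`, since a remote path in either field makes the shortcut reach out over the network.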