Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers discovered five activity clusters linked to the threat actor Blind Eagle, targeting Colombian government entities and other sectors from May 2024 to July 2025. The attacks, tracked as TAG-144, utilized spear-phishing, RATs, and dynamic DNS infrastructure, with a focus on financial and government espionage. The group’s persistent targeting of Colombian government entities raises questions about its motivations, potentially involving both financial gain and state-sponsored espionage.