Disputed · 2024

Blind Eagle

Blind Eagle is a financially and politically motivated threat actor targeting organisations in South America, primarily Colombia, Ecuador, Chile and Panama. Active since at least 2018, it is known for deploying commodity RATs against government and financial sector targets.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. ≥ 10 High, ≥ 3 Moderate, < 3 Low.
1.6
Low signal strength
Mentions: 2
Sources: 1
High conf.: 1
Last seen: May 2026
First observed: 2018
Last active: 2024
Origin: South America
Aliases: 5
Techniques: 0
Campaigns: 0
South America · disputed confidence
Targets: Government, Financial, Law Enforcement
Regions: South America, Colombia, Ecuador, Chile, Panama

Attribution signals

2 mentions · 1 source
#1 · attributed to · high
Infrastructure
security-affairs
May 2026

"Infrastructure hosted on Regxa Company for Information Technology Ltd (regxa.iq) was identified as hosting C2 associated with a February 2026 espionage campaign attributed to the Eagle Werewolf cluster"

Campaign: February 2026 espionage campaign
#2 · linked activity · moderate
Unspecified
checkpoint
May 2026

"Linked activity included Phorpiex, Eagle Werewolf espionage, exploitation of a React Native CLI flaw, and RondoDox botnet activity"

Hedge terms observed

attributed to, linked activity