28 March 2024

Cyber spies strike Indian government and energy sectors


A sophisticated threat actor has been targeting Indian government entities and the energy sector as part of a recent cyber espionage campaign.

Dubbed “Operation FlightNight,” the campaign was first observed on March 7, 2024, by analysts at cybersecurity firm EclecticIQ.

The operation employed a modified version of the open-source information stealer HackBrowserData. According to the researchers, the tool has been extended with new functionality, including communication via Slack channels and document exfiltration.

The attack vector was phishing emails posing as official invitations from the Indian Air Force. The attachment was an ISO file containing the malware disguised as a harmless PDF document. Once the victim opened a shortcut (LNK) file inside the mounted ISO, the malware began exfiltrating data.

EclecticIQ found that the attacker operated within Slack channels, dubbing each channel “FlightNight.” These channels served as exfiltration points for stolen data, which included confidential government documents, private email correspondence, and cached web browser data. The targeted entities spanned various government agencies responsible for electronic communications, IT governance, and national defense.
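The two behaviours described above, a shortcut launched from a mounted ISO lure and stolen data leaving the host through Slack, are both things a SOC can watch for in endpoint telemetry. The following added example (not code from the article or from EclecticIQ) shows simple detection logic for each: it correlates an ISO mount with a script host spawned by explorer.exe from that drive letter within a short window, and it flags connections to Slack domains from processes that are neither a browser nor the Slack client. The event shape and field names are a hypothetical, simplified telemetry format, and the sample events are constructed.

```python
"""Toy detection logic for ISO/LNK lures and Slack-based exfiltration.

Event shape (hypothetical, simplified; not real Sysmon field names):
  image_mount     : ts, host, image_path, drive
  process_create  : ts, host, parent, image, cwd
  network_connect : ts, host, image, dest_host, dest_port
"""
from datetime import datetime, timedelta
import ntpath  # parses Windows paths correctly on any OS

# Interpreters commonly used as LNK targets in document-themed lures.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
# Processes expected to talk to Slack; anything else is worth a look.
SLACK_EXPECTED = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SLACK_DOMAINS = ("slack.com", "slack-edge.com", "slack-files.com")

# Constructed sample telemetry (not from the article).
SAMPLE_EVENTS = [
    {"ts": "2024-03-07T09:00:00", "host": "ws01", "type": "image_mount",
     "image_path": "C:\\Users\\a\\Downloads\\Invitation.iso", "drive": "E:"},
    {"ts": "2024-03-07T09:00:20", "host": "ws01", "type": "process_create",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "cwd": "E:\\"},
    {"ts": "2024-03-07T09:01:05", "host": "ws01", "type": "network_connect",
     "image": "C:\\Users\\a\\AppData\\Local\\Temp\\updater.exe",
     "dest_host": "files.slack.com", "dest_port": 443},
    # Benign: a browser reaching Slack.
    {"ts": "2024-03-07T10:15:00", "host": "ws02", "type": "network_connect",
     "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "dest_host": "app.slack.com", "dest_port": 443},
    # Benign: explorer spawning cmd.exe, but no ISO mount on this host.
    {"ts": "2024-03-07T11:00:00", "host": "ws03", "type": "process_create",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "cwd": "C:\\Users\\b"},
    # Benign: ISO mounted, but the shell was started hours later.
    {"ts": "2024-03-07T12:00:00", "host": "ws04", "type": "image_mount",
     "image_path": "D:\\isos\\ubuntu.iso", "drive": "F:"},
    {"ts": "2024-03-07T15:30:00", "host": "ws04", "type": "process_create",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "cwd": "F:\\"},
]


def _basename(path):
    return ntpath.basename(path).lower()


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_iso_lnk_lure(events, window=timedelta(minutes=5)):
    """Flag a script host spawned by explorer.exe whose working directory is a
    drive letter that an .iso image was mounted to on the same host shortly
    before. A double-clicked LNK inherits the LNK's working directory, which
    for an ISO lure is the mounted drive."""
    mounts = [e for e in events if e["type"] == "image_mount"
              and e["image_path"].lower().endswith(".iso")]
    findings = []
    for e in events:
        if e["type"] != "process_create":
            continue
        if _basename(e["parent"]) != "explorer.exe":
            continue
        if _basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        cwd_drive = e.get("cwd", "")[:2].upper()
        for m in mounts:
            delta = _ts(e) - _ts(m)
            if (m["host"] == e["host"] and m["drive"].upper() == cwd_drive
                    and timedelta(0) <= delta <= window):
                findings.append({"rule": "iso_lnk_lure", "host": e["host"],
                                 "ts": e["ts"], "iso": m["image_path"],
                                 "image": e["image"]})
    return findings


def detect_slack_from_unexpected_process(events):
    """Flag connections to Slack infrastructure from a process that is not a
    browser or the Slack client (the article's tool used Slack for C2 and
    exfiltration)."""
    findings = []
    for e in events:
        if e["type"] != "network_connect":
            continue
        dest = e["dest_host"].lower()
        if not any(dest == d or dest.endswith("." + d) for d in SLACK_DOMAINS):
            continue
        if _basename(e["image"]) in SLACK_EXPECTED:
            continue
        findings.append({"rule": "slack_unexpected_process", "host": e["host"],
                         "ts": e["ts"], "image": e["image"], "dest": dest})
    return findings


def run_detections(events):
    """Run both rules and return findings ordered by timestamp."""
    findings = detect_iso_lnk_lure(events) + detect_slack_from_unexpected_process(events)
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS):
        print(f)
```

In practice the mount event comes from the Windows disk-image mounting provider and the process events from an EDR or Sysmon; the correlation window and the process allowlist are the knobs to tune, since developers who mount ISOs and then open a shell will otherwise trip the first rule.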

Additionally, private Indian energy companies fell victim to the intrusion, with financial documents and sensitive operational details compromised.

The researchers said that the threat actor was able to exfiltrate 8.81 GB of data, including information that could facilitate further intrusions into critical government infrastructure.
