Researchers have uncovered a cyber-espionage campaign that targets Indian government agencies and the energy sector with a modified version of the HackBrowserData information stealer. In the campaign, named “Operation FlightNight,” the attackers disguised their malware as a phishing PDF document posing as an invitation letter from the Indian Air Force and then exfiltrated data through Slack channels. The stolen information included sensitive documents, private emails, and browser data.
EclecticIQ researchers, who discovered the campaign, identified the exfiltration of 8.81 GB of data, raising concerns about potential further intrusions into Indian government infrastructure. The malware selectively targeted specific file extensions, such as Microsoft Office documents and PDF files, likely to optimize data theft speed. Although the specific threat actor remains unidentified, similarities between this campaign and a previous attack that targeted Indian Air Force officials with the GoStealer malware suggest that the two are connected.
The campaign underscores the threat posed by cybercriminals utilizing open-source tools for espionage, with researchers cautioning that both campaigns likely originate from the same threat actor. Through techniques like phishing and repurposing stolen documents, the attackers demonstrate a persistent and adaptable approach to infiltrating sensitive government and energy sector networks. As such, heightened vigilance and cybersecurity measures are crucial to mitigating the risks posed by such sophisticated cyber threats.