An attack on India’s defense and energy sectors

28 March 2024. Author: Newsman

Criminals targeted Indian government organizations and private energy companies, using malware delivered through phishing emails to steal sensitive information and exfiltrate it via Slack.

The attack began with phishing messages carrying an ISO file that contained malware designed to steal data from victims’ web browsers and transmit it through a specially crafted Slack channel. Experts at EclecticIQ and an Indian security researcher known as xelemental have provided detailed information about this campaign, including the attack methods and the malware used. In total, about 8.81 GB of data was stolen, including financial documents and personal information of employees.

Cybercriminals sent phishing emails masquerading as official invitations from the Indian Air Force and used Slack as a channel to steal data. The attack used a modified version of the open-source HackBrowserData tool, which allowed the attackers to steal documents and cached web browser data.

Operation FlightNight is an example of how attackers are adapting well-known tools and platforms like Slack to carry out cyber attacks with minimal cost and complexity. This underscores the need for organizations to continually update their cybersecurity protocols and employee education programs to prevent such incidents.
