Indian energy companies and government entities have been targeted with malware as a means of exfiltrating sensitive information. So far, the attackers are unknown threat actors.
The malware is a type of updated open-source information stealer malware with the name HackBrowserData. This malware is able to exfiltrate sensitive information by using Slack as its command-and-control (C2). According to an EclecticIQ researcher, the malware was delivered to the target via phishing emails. These emails were posed as being from the Indian Air Force. These threat actor(s) employed Slack channels as a vehicle for exfiltration by uploading confidential documents and communications. This campaign has received the nickname Operation FlightNight and was first witnessed on March 7, 2024. Targets of the spearphishing campaign have been government entities in India including, IT, and electronic communications agencies. Private energy companies have also been targeted, with financial records, employee information, and energy harvesting information being exfiltrated. This updated version of the HackBrowserData malware enables threat actors to siphon documents and slack communications with improved obfuscation abilities making it harder to detect. Overall, 8.81 GD of data was heisted by the threat actors.
Read more:
https://thehackernews.com/2024/03/hackers-target-indian-defense-and.html