Hackers Target Indian Defense and Energy Sectors with Fake Air Force Invitations


Recently, a cyberattack targeting important sectors in India, including defense and energy, was reported. Unknown hackers have been using a sneaky tactic, posing as the Indian Air Force to trick individuals into downloading malware.

This malicious software, called HackBrowserData, is designed to steal sensitive information from computers. It’s been spread through fake emails pretending to be invitations from the Indian Air Force. Once the malware is on a computer, it secretly steals documents, emails, and even web browsing history.

But here’s where it gets even more concerning – the hackers have been using a popular workplace messaging platform, Slack, to send this stolen information to themselves. They’ve been able to access confidential documents and private messages from government offices and energy companies.

This cyberattack, which began on March 7, 2024, has been named Operation FlightNight by cybersecurity experts. It’s affected various government departments in India, as well as companies involved in energy production.

The hackers have managed to get their hands on sensitive financial documents, personal information of employees, and details about energy exploration activities. In total, they’ve stolen a massive 8.81 gigabytes of data during this attack.


So, how does this cyberattack work? It starts with a deceptive email containing a file named “invite.iso.” When someone opens this file, it runs a hidden program that starts collecting information from their computer. At the same time, a fake PDF invitation from the Indian Air Force pops up on the screen to distract the victim.

This malware isn’t just about stealing web browsing data – it’s been modified to grab all sorts of documents, including Microsoft Office files and PDFs. And by using Slack to send this information back to themselves, the hackers have been able to stay hidden from detection.
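A defender-side check for the Slack exfiltration channel described above, as an added example that is not part of the original article: it totals uploads to Slack domains per host and process and reports any process that is not an expected Slack client. The CSV log layout, the allowlist, the host names and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed endpoint network telemetry (assumed layout, not real data):
# host, process image path, destination host, bytes uploaded.
SAMPLE_LOG = r"""host,process,dest,bytes_out
ws-014,C:\Users\a\AppData\Local\slack\slack.exe,files.slack.com,48211
ws-014,C:\Program Files\Google\Chrome\Application\chrome.exe,app.slack.com,9120
ws-022,E:\unknown.exe,slack.com,1800
ws-022,E:\unknown.exe,files.slack.com,73400320
ws-031,C:\Windows\System32\svchost.exe,update.example.org,5000
"""

# Assumed allowlist: the desktop client and browsers users reach Slack with.
ALLOWED_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def is_slack_domain(dest):
    """True for slack.com and its subdomains, not for look-alike names."""
    dest = dest.lower().rstrip(".")
    return dest == "slack.com" or dest.endswith(".slack.com")


def find_suspect_slack_uploads(log_text, allowed=ALLOWED_CLIENTS):
    """Return [((host, process), total_bytes)] for non-allowlisted processes
    that uploaded to Slack, largest total first."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if not is_slack_domain(row["dest"]):
            continue
        image = row["process"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image in allowed:
            continue
        totals[(row["host"], row["process"])] += int(row["bytes_out"])
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for (host, process), total in find_suspect_slack_uploads(SAMPLE_LOG):
        print(f"{host}: {process} uploaded {total} bytes to Slack")
```

Matching on the image name alone can be defeated by renaming a binary, so in production pair it with the full install path or the code-signing publisher.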

Interestingly, this isn’t the first time these hackers have struck. A similar attack, known as GoStealer, targeted the Indian Air Force earlier. It used similar tactics, tricking people with fake files and then stealing information using Slack.

What’s worrying is that these hackers aren’t using fancy, complicated tools. They’re taking advantage of freely available software and legitimate platforms like Slack that are commonly used in offices. This makes it easier for them to carry out attacks and harder for security experts to catch them.

This cyberattack serves as a reminder of the ever-changing threats in the digital world. Hackers are finding new ways to steal information and cause trouble, often with minimal effort and risk. It’s a wake-up call for organizations to stay vigilant and invest in strong cybersecurity measures.

As Arda Büyükkaya, a researcher at EclecticIQ, puts it, “Operation FlightNight and the GoStealer campaign highlight a simple yet effective approach by threat actors to use open-source tools for cyber espionage.” It’s a stark reminder of the evolving nature of cyber threats and the need for constant vigilance in the face of these challenges.
