Operation FlightNight: how Slack helped steal India's state secrets

Open-source software made it possible to steal gigabytes of confidential data.

EclecticIQ has discovered a new spying campaign targeting government agencies and India's energy industry.

The attackers used a modified version of the open-source data-theft tool HackBrowserData, which can collect browser credentials, cookies, and browsing history. According to EclecticIQ, the hackers exfiltrated 8.81 GB of data, which could enable further intrusions into the Indian government's infrastructure.

The spyware was delivered to victims via a phishing PDF document disguised as an invitation letter from the Indian Air Force. The original PDF is believed to have been stolen in an earlier breach. The document contained a shortcut that downloaded the malware, which then began exfiltrating data from the victim's device into Slack channels, including internal documents, emails, and cached web-browser data.

EclecticIQ analysts called the campaign Operation FlightNight, because each of the Slack channels managed by the attackers had the name FlightNight. During data exfiltration, the malware only targeted certain file types – Microsoft Office documents, PDFs, and SQL databases.

Among those affected are Indian government agencies responsible for electronic communications, IT management and national defense. Hackers stole financial documents, personal data of employees and information about drilling operations in the oil and gas industry from private energy companies.

Although there is no direct evidence tying the campaign to a specific group, the similarity of the malware and the delivery methods "strongly indicate" a link to the earlier attack on Indian Air Force officers that used the GoStealer infostealer.

Both campaigns are probably the work of the same threat actor. Operation FlightNight and the GoStealer campaign highlight the attackers' simple but effective approach of using open-source tools for cyber espionage, the researchers note.
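The exfiltration pattern described above (bulk uploads of Office, PDF and SQL files to attacker-controlled Slack channels) is something a defender can hunt for in outbound web-proxy logs. The Python below is an added example, not code from EclecticIQ or from the original post. It assumes a simple space-separated proxy log format with an optional uploaded-filename field, uses constructed host names, file names and byte counts, and assumes Slack's `files.upload` API path as the upload URL; the thresholds are illustrative.

```python
"""Hunt for possible bulk document exfiltration to Slack in proxy logs.

Added example (not from the original report). The log format, hosts,
file names and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from pathlib import PurePosixPath
from urllib.parse import urlparse

# File types the report says the malware selected for exfiltration:
# Microsoft Office documents, PDFs and SQL databases (extension list assumed).
TARGET_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".pdf", ".sql", ".db",
}

# Slack file-upload endpoint (assumption about how uploads appear in a proxy log).
SLACK_UPLOAD_PATHS = {"/api/files.upload"}

# Assumed log format: "<timestamp> <host> <method> <url> <status> <bytes> [<filename>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)(?: (?P<filename>\S+))?$"
)

# Constructed sample lines: one workstation uploading several targeted files,
# plus benign Slack traffic and an upload to a non-Slack host.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z WS-17 POST https://slack.com/api/files.upload 200 2411000 annual_budget.xlsx
2024-03-04T09:12:09Z WS-17 POST https://slack.com/api/files.upload 200 18400500 personnel_records.pdf
2024-03-04T09:12:15Z WS-17 POST https://slack.com/api/files.upload 200 65900000 ops_archive.sql
2024-03-04T09:13:40Z WS-03 GET https://slack.com/api/conversations.list 200 1800
2024-03-04T09:14:02Z WS-22 POST https://slack.com/api/files.upload 200 90000 lunch.png
2024-03-04T09:15:30Z WS-09 POST https://example-cdn.net/upload 200 120000 report.docx
"""


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    rec = match.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_slack_upload(rec):
    """True for a POST to a Slack file-upload endpoint."""
    parsed = urlparse(rec["url"])
    host = parsed.hostname or ""
    slack_host = host == "slack.com" or host.endswith(".slack.com")
    return rec["method"] == "POST" and slack_host and parsed.path in SLACK_UPLOAD_PATHS


def is_targeted_document(filename):
    """True if the uploaded file has one of the extensions the malware went after."""
    if not filename:
        return False
    return PurePosixPath(filename).suffix.lower() in TARGET_EXTENSIONS


def analyze(log_text, byte_threshold=50_000_000, min_uploads=3):
    """Aggregate targeted Slack uploads per source host and flag suspicious volumes.

    A host is flagged when it uploads at least `min_uploads` targeted documents
    or at least `byte_threshold` bytes of them (thresholds are illustrative).
    """
    per_host = defaultdict(lambda: {"uploads": 0, "bytes": 0, "files": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_slack_upload(rec):
            continue
        if not is_targeted_document(rec.get("filename")):
            continue
        summary = per_host[rec["host"]]
        summary["uploads"] += 1
        summary["bytes"] += rec["bytes"]
        summary["files"].append(rec["filename"])
    for summary in per_host.values():
        summary["flagged"] = (
            summary["uploads"] >= min_uploads or summary["bytes"] >= byte_threshold
        )
    return dict(per_host)


if __name__ == "__main__":
    for host, summary in analyze(SAMPLE_LOG).items():
        state = "FLAGGED" if summary["flagged"] else "ok"
        print(f"{host}: {summary['uploads']} uploads, {summary['bytes']} bytes, {state}")
```

Only hosts that actually uploaded a targeted document to Slack appear in the result, so in the sample only WS-17 is reported; WS-22's image upload and WS-09's upload to a non-Slack host are ignored. In practice the byte and count thresholds should be tuned against a baseline of legitimate Slack use, and the filename field depends on the proxy or DLP product recording it.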