Indian government agencies and energy companies are facing a new threat in the form of an espionage campaign that uses an open source information stealer.
“HackBrowserData”, a modified information stealer, can collect user login credentials, cookies and browser history, according to researchers at EclecticIQ, a Dutch cybersecurity company. Researchers discovered the information stealer via a phishing email disguised as an invitation from the Indian Air Force.
According to researchers, the threat actor used Slack channels to upload the stolen internal documents, emails, and browser data after the information stealer was executed. Each of the Slack channels used by the threat actor was named “FlightNight,” leading researchers to dub the intrusion “Operation FlightNight.”
Indian government bodies responsible for cyber governance, national defense and electronic communications were targeted. Bad actors also targeted financial documents, personally identifiable information (PII), and oil and gas drilling data from energy companies.
“In total, the actor exfiltrated 8.81 GB of data, leading analysts to assess with medium certainty that the data could facilitate further intrusions into Indian government infrastructure,” the researchers wrote in a blog post.
EclecticIQ has since shared its research with Indian authorities to help support victims of these attacks.