In a concerning development, India’s government agencies and key players in the energy sector have fallen victim to a sophisticated espionage campaign orchestrated through an open-source information stealer known as “HackBrowserData.” This alarming breach, uncovered by cybersecurity experts at EclecticIQ, sheds light on the vulnerability of critical infrastructure to cyber threats.
HackBrowserData, a modified information stealer, poses a significant risk by surreptitiously harvesting sensitive user data such as login credentials, cookies, and browsing history. The stealthy nature of this threat was revealed when researchers at EclecticIQ stumbled upon it disguised within a phishing email masquerading as an official communication from the Indian Air Force.
Once the malware was activated, the threat actor behind HackBrowserData used Slack channels as a conduit for the stolen internal documents, emails, and browser data. Researchers dubbed the campaign “Operation FlightNight”; each Slack channel bore the name “FlightNight,” indicating a systematic intrusion aimed at compromising Indian government entities and energy companies.
The targets of this nefarious campaign encompass a wide spectrum, ranging from government agencies responsible for IT governance and national defense to entities involved in electronic communications. Furthermore, financial documents, personally identifiable information (PII), and critical data pertaining to oil and gas drilling operations have been compromised.
The magnitude of the breach is staggering, with an estimated 8.81 GB of sensitive data exfiltrated by the threat actor. Analysts, expressing medium confidence, warn that this trove of information could facilitate further incursions into India’s governmental infrastructure.
In response to these grave security concerns, EclecticIQ has collaborated with Indian authorities, sharing crucial insights from their research to aid in the investigation and mitigation of these attacks. By pooling resources and expertise, stakeholders aim to fortify defenses and safeguard against future threats.
As cybersecurity remains a paramount concern in an increasingly digitized world, proactive measures must be taken to thwart malicious actors and protect vital systems and data. The “HackBrowserData” espionage campaign serves as a sobering reminder of the ever-present dangers lurking in cyberspace and underscores the imperative for vigilance and resilience in the face of evolving threats.
Source: https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign