A sophisticated espionage campaign, reportedly aimed at the Indian Air Force, has been observed using information-stealing malware. According to the reports, the threat actors behind the campaign are utilising a new variant of the Go Stealer malware.
The base Go Stealer is open-source malware published on GitHub; this variant adds functionality to target several browsers, including Firefox, Google Chrome, Edge, and Brave. Its developers also built it to exfiltrate the stolen data through Slack, a widely used business communication platform, rather than through a dedicated command-and-control server.
Phishing emails are the attackers' primary delivery vector against the Indian Air Force.
According to the investigation, the campaign delivers phishing emails to Indian Air Force personnel that contain a seemingly harmless link to a malicious .zip file.
The file purports to contain data on the recently procured Su-30 fighter jets, a central component of the defence modernisation programme India approved last year. Researchers noted that the attackers are capitalising on this procurement to lure air force personnel specifically.
The Go Stealer variant used in this campaign appears purpose-built for targeted attacks. Its primary function is to steal saved login credentials and session cookies from the victim's web browsers. The investigation emphasised that the deliberate design of the malware points to a tactical approach aimed at harvesting specific, sensitive information from infected systems.
The choice of Slack as the exfiltration channel is also central to the operation. Stolen data sent to Slack travels as ordinary HTTPS traffic to a sanctioned SaaS domain, so it blends with regular business traffic and is unlikely to be blocked by perimeter controls that only stop connections to unknown destinations. Detecting it therefore depends on asking which process is talking to Slack and which API endpoints it calls, not merely whether Slack is reachable.
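The detection angle described above, as an added example that is not part of the original article or of any published analysis of this campaign: a small Python scanner that reads endpoint or proxy log records of the form `timestamp|process|url|user_agent` (a constructed format), keeps only requests to Slack API hosts, and flags those that do not come from the Slack desktop client or a browser. Uploads to `/api/files.upload` or an incoming webhook under `hooks.slack.com/services/` are rated high, and the default Go `net/http` user agent (`Go-http-client/1.1`) is noted because this stealer is written in Go. The allowed process list, the host list, the process name `svchost_update.exe` and the webhook path in the sample log are all assumptions for illustration, not indicators from the report.

```python
"""Flag requests to Slack's API that do not come from a legitimate client.

Added example for this article; not code from the campaign report. The log
format (timestamp|process|url|user_agent) and the process names below are
assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Slack hosts a stealer would contact to post data via the Web API or an
# incoming webhook. Assumed list; extend it for your own environment.
SLACK_API_HOSTS = {"slack.com", "files.slack.com", "hooks.slack.com"}

# Paths that move data *out*: file upload API calls and incoming webhooks.
UPLOAD_PATH_PREFIXES = (
    "/api/files.upload",
    "/api/files.getuploadurlexternal",
    "/api/files.completeuploadexternal",
    "/services/",  # hooks.slack.com/services/<team>/<bot>/<token>
)

# Processes expected to talk to Slack on a managed workstation (assumption).
ALLOWED_PROCESSES = {"slack.exe", "slack", "chrome.exe", "msedge.exe",
                     "firefox.exe", "brave.exe"}

# Default user agent of Go's net/http client; a Go binary that does not set
# its own UA sends exactly this string.
GO_DEFAULT_UA = "go-http-client"


@dataclass(frozen=True)
class Finding:
    timestamp: str
    process: str
    host: str
    path: str
    severity: str      # "high" for upload/webhook endpoints, else "medium"
    go_client: bool    # True when the UA looks like Go's default client


def parse_line(line: str) -> Optional[dict]:
    """Split one 'timestamp|process|url|user_agent' record; None if malformed."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    ts, proc, url, ua = parts
    u = urlsplit(url)
    return {"ts": ts, "proc": proc.strip().lower(),
            "host": (u.hostname or "").lower(), "path": u.path, "ua": ua}


def classify(rec: dict) -> Optional[Finding]:
    """Return a Finding for a non-client process hitting a Slack API host."""
    if rec["host"] not in SLACK_API_HOSTS:
        return None
    if rec["proc"] in ALLOWED_PROCESSES:
        return None
    is_upload = rec["path"].lower().startswith(UPLOAD_PATH_PREFIXES)
    return Finding(
        timestamp=rec["ts"],
        process=rec["proc"],
        host=rec["host"],
        path=rec["path"],
        severity="high" if is_upload else "medium",
        go_client=GO_DEFAULT_UA in rec["ua"].lower(),
    )


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over every well-formed record and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            continue
        f = classify(rec)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log: two benign Slack sessions, one benign Outlook
# request, and two requests from an unknown Go process that uploads a file
# and then posts to a webhook. Process name and webhook path are invented.
SAMPLE_LOG = """\
2024-01-10T09:12:03Z|slack.exe|https://slack.com/api/conversations.list|Slack/4.36.140
2024-01-10T09:13:41Z|chrome.exe|https://app.slack.com/client/T000|Mozilla/5.0 (Windows NT 10.0)
2024-01-10T09:14:55Z|svchost_update.exe|https://slack.com/api/files.upload|Go-http-client/1.1
2024-01-10T09:15:02Z|svchost_update.exe|https://hooks.slack.com/services/T000/B000/XXXX|Go-http-client/1.1
2024-01-10T09:16:10Z|outlook.exe|https://outlook.office.com/mail/|Mozilla/5.0 (Windows NT 10.0)
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.severity.upper():6} {f.timestamp} {f.process} -> "
              f"{f.host}{f.path} go_client={f.go_client}")
```

The user-agent check is a weak signal on its own: a stealer can set any string it likes, and the allow list will need tuning for browsers running the Slack web client. The stronger signal is the combination the scan keys on, an unexpected process reaching a Slack upload or webhook endpoint, which survives even when the malware disguises its user agent.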
As of now, the campaign has not been attributed to a specific threat group despite a thorough investigation; the limited available evidence makes identifying the perpetrators difficult. The Indian Air Force has yet to comment on the alleged attacks.
The incident raises questions about the cybersecurity posture of the Indian Air Force, particularly in light of earlier reports of cyberattacks targeting the service.
Securing military networks should be a top priority for every country, as threat actors' capabilities continue to grow more sophisticated. The ongoing investigation and the response to this campaign are likely to shape future cybersecurity measures for the Indian Air Force and for other military organisations worldwide.
