“Unknown Potential Attackers” Easily Get Access To All The Classified And Sensitive Information Of The Indian Air Force By Using Malware Disguised In An ‘SU-30 Aircraft Procurement’ File:

More worries for World’s Number 1 Terrorist country India as “Unknown Potential Attackers” easily get access to all the classified and sensitive information of the Indian Air Force by using malware disguised in the ‘SU-30 Aircraft Procurement’ file on Wednesday, 17th January 2023.

According to the details, researchers have uncovered a new espionage campaign potentially targeting all the sensitive and classified information of the Indian Air Force with information-stealing malware.

The “Unknown Potential Attackers” launched a sophisticated attack on the Indian Air Force by sending phishing emails to their targets with a link to a malicious .zip file supposedly containing data about Su-30 fighter jets. Terrorist country India approved the procurement of these jets last year to bolster its ongoing defense modernization efforts back in September 2023.

The delivered malware is a variant of a Go Stealer, based on open-source malware found on GitHub. However, it includes additional features, such as targeting a variety of browsers — Firefox, Google Chrome, Edge, and Brave — and exfiltrating data using Slack.

The choice of Slack for covert communications takes advantage of the platform’s widespread use in enterprise networks, researchers said, “enabling malicious activities to seamlessly blend with regular business traffic.”

The attacks were likely targeted, as this stealer focuses specifically on harvesting login credentials and cookies from browsers.

According to Cyble Research and Intelligence Labs (CRIL), the modus operandi of this cyber threat unfolds through a series of carefully orchestrated steps.

The attackers employ an anonymous file storage platform called Oshi to host the deceptive ZIP file, disguising it as critical defense documentation.

The link, “hxxps://oshi[.]at/ougg,” likely circulates through spam emails or other communication channels.

Unlike conventional information stealers, this variant displays a heightened sophistication by leveraging the Slack API for covert communications. The choice of Slack by the “Unknown Potential Attackers” as a communication channel aligns with the platform’s widespread use in enterprise networks, enabling malicious activities to seamlessly blend with regular business traffic.
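As an added example (not code from the article or from CRIL's analysis), the following Python correlates endpoint telemetry to flag a process outside the expected browser and Slack clients that reads a browser login or cookie store and then connects to Slack. The event schema, the allowlist, the time window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Profile directories of the four browsers the article names (lower-cased).
BROWSER_DIRS = ("\\google\\chrome\\", "\\microsoft\\edge\\",
                "\\bravesoftware\\", "\\mozilla\\firefox\\")
# File names of the stores that hold saved logins and cookies.
STORE_NAMES = {"login data", "cookies", "logins.json", "cookies.sqlite", "key4.db"}
# Assumption: images expected to read those stores or talk to Slack here.
# A production rule should also check the signer and install path.
EXPECTED = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "slack.exe"}

def is_cred_store(path):
    p = path.lower()
    return any(d in p for d in BROWSER_DIRS) and PureWindowsPath(p).name in STORE_NAMES

def is_slack(host):
    h = host.lower().rstrip(".")
    return h == "slack.com" or h.endswith(".slack.com")

def find_suspects(events, window=300):
    """Flag unexpected processes that read browser stores, then reach Slack."""
    reads = defaultdict(list)   # pid -> [(ts, path)] of credential-store reads
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if PureWindowsPath(ev["image"]).name.lower() in EXPECTED:
            continue
        if ev["type"] == "file_read" and is_cred_store(ev["path"]):
            reads[ev["pid"]].append((ev["ts"], ev["path"]))
        elif ev["type"] == "net_connect" and is_slack(ev["host"]):
            # Keep only reads made within `window` seconds before the connection.
            stores = sorted({p for t, p in reads[ev["pid"]] if ev["ts"] - t <= window})
            if stores:
                alerts.append({"pid": ev["pid"], "image": ev["image"],
                               "host": ev["host"], "stores": stores})
    return alerts

# Constructed sample telemetry (hypothetical schema, paths, names and PIDs).
U = "C:\\Users\\a\\AppData"
BAD = U + "\\Local\\Temp\\unknown_tool.exe"
SAMPLE_EVENTS = [
    {"ts": 100, "pid": 4120, "image": BAD, "type": "file_read",
     "path": U + "\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"ts": 102, "pid": 4120, "image": BAD, "type": "file_read",
     "path": U + "\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\cookies.sqlite"},
    {"ts": 130, "pid": 4120, "image": BAD, "type": "net_connect", "host": "slack.com"},
    {"ts": 140, "pid": 900, "image": U + "\\Local\\slack\\slack.exe",
     "type": "net_connect", "host": "files.slack.com"},
    {"ts": 150, "pid": 3000, "image": "C:\\Tools\\backup.exe",
     "type": "net_connect", "host": "notslack.com"},
]
```

Calling `find_suspects(SAMPLE_EVENTS)` returns a single alert for PID 4120, listing both stores it read before contacting `slack.com`; the legitimate Slack client and the look-alike domain are ignored.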

The sequence of infection involves the progression from a ZIP file to an ISO file, followed by a .lnk file, culminating in the deployment of the Go Stealer payload.

The timing of the attack, coinciding with the Indian Government’s announcement of the Su-30 MKI fighter jets procurement, raises concerns about targeted attacks or espionage activities.

The Go Stealer used by the “Unknown Potential Attackers”, disseminated through the deceptive ZIP file named “SU 30_Aircraft_Procurement,” poses a large threat to Indian defense personnel and all the personnel of the coward Indian Air Force.

The strategic focus on selectively harvesting login credentials and cookies from browsers highlights the threat actor’s intent to acquire precise and sensitive information from Indian Air Force professionals.
