Researchers have uncovered a new espionage campaign potentially targeting the Indian Air Force with information-stealing malware.
The unidentified threat actor sent phishing emails to its targets with a link to a malicious .zip file supposedly containing data about Su-30 fighter jets. India approved the procurement of these jets last year to bolster its ongoing defense modernization efforts.
“The hackers appear to be exploiting this event to target Indian Air Force professionals,” researchers at the cybersecurity firm Cyble said.
The delivered malware is a variant of a Go Stealer, based on open-source malware found on GitHub. However, it includes additional features, such as targeting a variety of browsers — Firefox, Google Chrome, Edge, and Brave — and exfiltrating data using Slack.