Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign

Operation FlightNight is a targeted cyber-espionage campaign observed from March 2024 that leveraged a modified HackBrowserData information stealer delivered via ISO files and LNK shortcuts masquerading as an Indian Air Force invitation; the malware collected browser credentials, cached data and selected document types and exfiltrated approximately 8.81 GB of sensitive files to attacker-operated Slack channels. The report includes malware analysis details, overlapping indicators with a prior Go-Stealer incident, hardcoded Slack tokens and workspaces, SHA-256 hashes, MITRE TTP mappings, detection signals (e.g., ISO mount events, LNK execution), and remediation recommendations.