Hunting for Operation FlightNight: Attack Targeted towards Indian Government and Energy sectors

We analyzed binaries from a targeted attack against Indian government and energy sector entities, in an operation coined Operation FlightNight. It was interesting to research and examine the activities of the malware used by these threat actors. The targeted phishing campaign spread customized malware that stole information from multiple browsers on the victims' machines.

This presentation will cover various aspects of Operation FlightNight binary analysis and threat hunting:

  • Threat Hunting for this custom malware
  • Tactics and delivery mechanisms used by the actors to infect victims (targeted spear phishing)
  • Malware payload analysis
  • Data stealing methods
  • Behavioral indicators

Amey Gat – Fortinet

Currently working as a Principal Threat Researcher at Fortinet. Has worked in the industry for 19+ years, previously as a Threat Intelligence Researcher, Information Security consultant, and developer of Firewall/IDS/IPS devices. Has worked on various aspects of threat intelligence, such as darknet coverage, OSINT, building and deploying honeypots, and automation of darknet data collection. Moderator and Core Team member of the hackers group Garage4Hackers, one of the leet hacker groups of India. Python programmer, formerly in an official capacity and now for automation, fun, and the love of Python. Lock-picking enthusiast who has run a lock-picking workshop at a Garage4Hackers meet and also conducted the first lock-picking workshop in India at NullCon 2015. Hardware and electronics enthusiast who works with AVR and other embedded devices as a hobby. Created the first-ever hardware badge of the Nullcon conference in 2014.