As part of the campaign, tagged to as Operation FlightNight, phishing lures masquerading as an invitation letter from the Indian Air Force were sent to various Indian government entities, including agencies for electronic communications, IT governance, and national defense.
The phishing emails carried an ISO file containing the malware and a shortcut file (LNK) posing as the PDF invitation letter. Once opened, it executed the hidden malware, while displaying a decoy document that was likely stolen in a previous intrusion and repurposed.
