Barbie malware

Introduction

The unprecedented cyber espionage attempt on the Indian Air Force has shocked the military fraternity in the age of the internet where innovation is vital to national security. The attackers have shown a high degree of expertise in their techniques, using a variant of the infamous Go Stealer and current military acquisition pronouncements as a cover to obtain sensitive information belonging to the Indian Air Force. In this recent cyber espionage revelation, the Indian Air Force faces a sophisticated attack leveraging the infamous Go Stealer malware. The timing, coinciding with the Su-30 MKI fighter jets' procurement announcement, raises serious questions about possible national security espionage actions.

A sophisticated attack using the Go Stealer malware exploits defense procurement details, notably the approval of 12 Su-30 MKI fighter jets. Attackers employ a cunningly named ZIP file, "SU-30_Aircraft_Procurement," distributed through an anonymous platform, Oshi, taking advantage of heightened tension surrounding defense procurement.

Advanced Go Stealer Variant:

The malware, coded in Go language, introduces enhancements, including expanded browser targeting and a unique data exfiltration method using Slack, showcasing a higher level of sophistication.

Strategic Targeting of Indian Air Force Professionals:

The attack strategically focuses on extracting login credentials and cookies from specific browsers, revealing the threat actor's intent to gather precise and sensitive information.

Timing Raises Espionage Concerns:

The cyber attack coincides with the Indian Government's Su-30 MKI fighter jets procurement announcement, raising suspicions of targeted attacks or espionage activities.

The Deceitful ZIP ArchiveSU-30 Aircraft Acquisition

The cyberattack materialised as a sequence of painstakingly planned actions. Using the cleverly disguised ZIP file "SU-30_Aircraft_Procurement," the perpetrators took benefit of the authorisation of 12 Su-30 MKI fighter jets by the Indian Defense Ministry in September 2023. Distributed via the anonymous file storage network Oshi, the fraudulent file most certainly made its way around via spam emails or other forms of correspondence.

The Spread of Infection and Go Stealer Payload:

The infiltration procedure progressed through a ZIP file to an ISO file, then to a.lnk file, which finally resulted in the Go Stealer payload being released. This Go Stealer version, written in the programming language Go, adds sophisticated capabilities, such as a wider range of browsing focussed on and a cutting-edge technique for collecting information using the popular chat app Slack.

Superior Characteristics of the Go Stealer Version

Different from its GitHub equivalent, this Go Stealer version exhibits a higher degree of complexity. It creates a log file in the machine owned by the victim when it is executed and makes use of GoLang utilities like GoReSym for in-depth investigation. The malware focuses on cookies and usernames and passwords from web browsers, with a particular emphasis on Edge, Brave, and Google Chrome.

This kind is unique in that it is more sophisticated. Its deployment's cyber enemies have honed its strengths, increasing its potency and detection resistance. Using GoLang tools like GoReSym for comprehensive evaluation demonstrates the threat actors' careful planning and calculated technique.

Go Stealer: Evolution of Threat

The Go Stealer first appeared as a free software project on GitHub and quickly became well-known for its capacity to stealthily obtain private data from consumers who aren't paying attention. Its effectiveness and stealthy design rapidly attracted the attention of cyber attackers looking for a sophisticated tool for clandestine data exfiltration. It was written in the Go programming language.

Several cutting-edge characteristics distinguish the Go Stealer from other conventional data thieves. From the beginning, it showed a strong emphasis on browser focusing on, seeking to obtain passwords and login information from particular websites including Edge, Brave, and Google Chrome.The malware's initial iteration was nurtured on the GitHub database, which has the Go Stealer initial edition. Threat actors have improved and altered the code to serve their evil goals, even if the basic structure is freely accessible.

The Go Stealer version that has been discovered as the cause of the current internet spying by the Indian Air Force is not limited to its GitHub roots. It adds features that make it more dangerous, like a wider range of browsers that may be targeted and a brand-new way to exfiltrate data via Slack, a popular messaging app.

Secret Communications and Information Expulsion

This variation is distinguished by its deliberate usage of the Slack API for secret chats. Slack was chosen because it is widely used in company networks and allows harmful activity to blend in with normal business traffic. The purpose of the function "main_Vulpx" is specifically to upload compromised information to the attacker's Slack route, allowing for covert data theft and communication.

The Time and Strategic Objective

There are worries about targeted assaults or espionage activities due to the precise moment of the cyberattack, which coincides with the Indian government's declaration of its acquisition of Su-30 MKI fighter fighters. The deliberate emphasis on gathering cookies and login passwords from web browsers highlights the threat actor's goal of obtaining accurate and private data from Indian Air Force personnel.

Using Caution: Preventing Possible Cyber Espionage

• Alertness Against Misleading Techniques: Current events highlight the necessity of being on the lookout for files that appear harmless but actually have dangerous intent. The Su-30 Acquisition ZIP file is a stark illustration of how these kinds of data might be included in larger-scale cyberespionage campaigns.
• Potentially Wider Impact: Cybercriminals frequently plan coordinated operations to target not just individuals but potentially many users and government officials. Compromised files increase the likelihood of a serious cyber-attack by opening the door for larger attack vectors.
• Important Position in National Security: Recognize the crucial role people play in the backdrop of national security in the age of digitalisation. Organised assaults carry the risk of jeopardising vital systems and compromising private data.
• Establish Strict Download Guidelines: Implement a strict rule requiring file downloads to only come from reputable and confirmed providers. Be sceptical, particularly when you come across unusual files, and make sure the sender is legitimate before downloading any attachments.
• Literacy among Government Employees: Acknowledge that government employees are prime targets as they have possession of private data. Enable people by providing them with extensive cybersecurity training and awareness that will increase their cognition and fortitude.

Conclusion

Indian Air Force cyber surveillance attack highlights how sophisticated online dangers have become in the digital era. Threat actors' deliberate and focused approach is demonstrated by the deceptive usage of a ZIP archive that is camouflaged and paired with a sophisticated instance of the Go Stealer virus. An additional level of complication is introduced by integrating Slack for covert communication. Increased awareness, strict installation guidelines, and thorough cybersecurity education for government employees are necessary to reduce these threats. In the digital age, protecting national security necessitates ongoing adaptation as well as safeguards toward ever-more potent and cunning cyber threats.

References

• ‍https://www.overtoperator.com/p/indianairforcemalwaretargetpotential
• ‍https://cyberunfolded.in/blog/indian-air-force-targeted-in-sophisticated-cyber-attack-with-su-30-procurement-zip-file#go-stealer-a-closer-look-at-its-malicious-history
• ‍https://thecyberexpress.com/cyberattack-on-the-indian-air-force/https://therecord.media/indian-air-force-infostealing-malware

‍

At Semicon India 2025 held recently, the Prime Minister declared, “when the chips are down, you can bet on India”.  The event showcased the country’s first indigenous microprocessor, Vikram, developed by ISRO’s Semiconductor Lab, and announced that commercial chip production will begin by the end of 2025. India aims to become a global player in semiconductor production, and build self-reliance in a world where global supply chains are shifting rapidly. 

Why Semiconductors Matter

Semiconductors power almost everything around us, from laptops and air conditioners to cars and even the tiniest gadget we hardly notice . They’ve rightly been called the “oil of the digital age” because our entire digital world depends on them. But the global supply chain for chips is heavily concentrated. Taiwan alone makes over 60% of the world’s semiconductors and nearly 90% of the most advanced ones. Rising tensions between China and Taiwan have only shown how fragile and risky this dependence can be for the rest of the world. For India, building its own semiconductor base is not just about technology, it is about economic security and reduced dependence on imports.

India’s Push: The Numbers and Projects

The government has committed nearly US$18 billion across 10 projects, making it one of the country’s largest industrial bets in decades. Under the Production Linked Incentive (PLI) scheme, ₹76,000 crore (about US$9.1 billion) was set aside, of which most has already been allocated.

Key developments include:

• Vikram processor – developed at ISRO’s Semiconductor Lab, fabricated on 180nm technology.
• CG Power facility in Sanand, Gujarat – launched in 2024, scaling chip assembly and testing.
• Micron’s investment – ₹22,500+ crore in Gujarat for packaging and testing.
• Tata Electronics–PSMC partnership – ₹91,000 crore tie-up with Taiwan’s Powerchip for fabs.

The domestic market, valued at US$38 billion in 2023, is expected to touch US$100–110 billion by 2030 if growth sustains.

The Technology Gap

While the Vikram chip, a 32 bit microprocessor, is a proud milestone, it highlights the technology gap  India faces. The chip was fabricated using a 180nm CMOS process, a process that was cutting-edge back in the early 2000s. Today, companies like TSMC and Samsung are already producing 3nm chips for smartphones and AI servers, whereas those like Nvidia and Apple have developed chips 2ith 64-bit processing capabilities.

This means India's main focus, to become self-reliant in the mature end of the spectrum useful for space, defense, and automotives and electronics, is far from the global cutting edge. Bridging this gap will require both time and deep technical expertise.

Talent and Design Strengths

On the positive side, India already contributes around 20% of global semiconductor design talent. Two advanced design centers—one in Noida and another in Bengaluru—are working on 3nm designs. The government’s Design Linked Incentive scheme has cleared 20+ projects to nurture startups in chip design.

Over 60,000 engineers have been trained under various programs, but scaling this to the hundreds of thousands needed for fabs remains a challenge. Unlike software development, semiconductor fabrication demands highly specialised skills in process engineering, yield optimization, and supply chain logistics.

Lessons from Global Players

Countries like Taiwan, South Korea, and the US didn’t build their chip industries overnight. Taiwan’s TSMC spent decades and billions of dollars mastering yield rates and building trust with clients. The US recently passed the CHIPS and Science Act to revive domestic production, while the EU has its own Chips Act. Japan, too, has pledged billions, including ¥10 trillion in cooperation with India.

These examples show that success depends not just on funding , but also on harmony between government and private players, consistent execution, ecosystem building, and global partnerships.

The Challenges Ahead

India’s ambitions face several hurdles:

• Capital intensity – A single leading-edge fab costs US$10–20 billion, and requires constant upgrades.
• Supply chain complexity – Hundreds of chemicals, gases, and precision tools are needed, many of which India doesn’t yet produce domestically.
• Technology transfer – Advanced lithography machines (from ASML in the Netherlands, for example) are tightly controlled and not easily available.
• Execution risks – Moving from announcements to commercially viable fabs with competitive yields is where many countries have stumbled.

The Way Forward

India has big ambitions in the field of semi-conductor design and manufacturing, with the goal of becoming a major  global exporter instead of importer. The country appears to be adopting a step-by-step approach, starting with assembly, testing, and mature-node fabs, while simultaneously investing in design, research, and talent. Every successful global power in this industry first mastered older nodes before advancing to cutting-edge levels.

At the same time, international collaborations with players like Micron, Tata-PSMC, and Japan will be critical for technology transfer and capacity building. If India can combine its engineering talent, rising domestic demand, and government backing with the PLI scheme, and drive global collaborations, the outlook can be promising. 

Conclusion

India’s semiconductor story is just beginning, but the direction is clear. The Vikram processor and investment announcement at Semicon 2025 shows the intent of the government. The hard part now lies ahead: moving from prototypes to large-scale production and globally competitive fabs in an industry that demands substantial investment, flawless execution, and years of patience.

Yet the stakes couldn’t be higher. Semiconductors will shape the future of economies and national security . If India plays its cards right by nurturing talent, innovating and researching, and driving global partnerships,  the dream of becoming a global semiconductor hub may well move from ambition to reality.

‍

References 

• https://www.ndtv.com/india-news/when-chips-are-down-bet-on-india-pm-narendra-modis-big-semiconductor-push-6539317 
• https://www.indiatoday.in/science/story/what-is-vikram-32-bit-chip-presented-to-pm-modi-at-semicon-india-2025-2780582-2025-09-02#
• https://www.visionofhumanity.org/the-worlds-dependency-on-taiwans-semiconductor-industry-is-increasing/ 
• https://m.economictimes.com/tech/artificial-intelligence/tata-electronics-and-powerchip-semiconductor-manufacturing-corporation-to-build-indias-first-semiconductor-fab/articleshow/113694273.cms 
• https://www.business-standard.com/economy/news/10-trillion-yen-in-10-years-japan-pledges-big-investment-in-india-125082901564_1.html 
• https://www.oecd.org/content/dam/oecd/en/publications/reports/2023/06/vulnerabilities-in-the-semiconductor-supply-chain_f4de7491/6bed616f-en.pdf 
• https://techwireasia.com/2025/09/semiconductor-india-commercial-production-2025/ 

‍

Introduction

“GPS Spoofing” though formerly was confined to conflict zones as a consequence, has lately become a growing hazard for pilots and aircraft operators across the world, and several countries have been facing such issues. This definition stems from the US Radio Technical Commission for Aeronautics, which delivers specialized advice for government regulatory authorities. Global Positioning System (GPS) is considered an emergent part of aviation infrastructure as it supersedes traditional radio beams used to direct planes towards the landing. “GPS spoofing” occurs when a double-dealing radio signal overrides a legitimate GPS satellite alert where the receiver gets false location information. In the present times, this is the first time civilian passenger flights have faced such a significant danger, though GPS signal interference of this character has existed for over a decade. According to the Agency France-Presse (AFP), false GPS signals mislead onboard plane procedures and problematise the job of airline pilots that are surging around conflict areas. GPS spoofing may also be the outcome of military electronic warfare systems that have been deployed in zones combating regional tension. GPS spoofing can further lead to significant upheavals in commercial aviation, which include arrivals and departures of passengers apart from safety.

Spoofing might likewise involve one country’s military sending false GPS signals to an enemy plane or drone to impede its capability to operate, which has a collateral impact on airliners operating at a near distance. Collateral impairment in commercial aircraft can occur as confrontations escalate and militaries send faulty GPS signals to attempt to thwart drones and other aircraft. It could, therefore, lead to a global crisis, leading to the loss of civilian aircraft in an area already at a high-risk zone close to an operational battle area. Furthermore, GPS jamming is different from GPS Spoofing. While jamming is when the GPS signals are jammed or obstructed, spoofing is very distinct and way more threatening. 

Global Reporting

An International Civil Aviation Organization (ICAO) assessment released in 2019 indicated that there were 65 spoofing incidents across the Middle East in the preceding two years, according to the C4ADS report. At the beginning of 2018, Euro control received more than 800 reports of Global Navigation Satellite System (GNSS) interference in Europe. Also, GPS spoofing in Eastern Europe and the Middle East has resulted in up to 80nm divergence from the flight route and aircraft impacted have had to depend on radar vectors from Air Traffic Control (ATC). According to Forbes, flight data intelligence website OPSGROUP, constituted of 8,000 members including pilots and controllers, has been reporting spoofing incidents since September 2023. Similarly, over 20 airlines and corporate jets flying over Iran diverted from their planned path after they were directed off the pathway by misleading GPS signals transmitted from the ground, subjugating the navigation systems of the aircraft.  

In this context, vicious hackers, however at large, have lately realized how to override the critical Inertial Reference Systems (IRS) of an airplane, which is the essential element of technology and is known by the manufacturers as the “brains” of an aircraft. However, the current IRS is not prepared to counter this kind of attack. IRS uses accelerometers, gyroscopes and electronics to deliver accurate attitude, speed, and navigation data so that a plane can decide how it is moving through the airspace. GPS spoofing occurrences make the IRS ineffective, and in numerous cases, all navigation power is lost.

Red Flag from Agencies

The European Union Aviation Safety Agency (EASA) and the International Air Transport Association (IATA) correspondingly hosted a workshop on incidents where people have spoofed and obstructed satellite navigation systems and inferred that these direct a considerable challenge to security. IATA and EASA have further taken measures to communicate information about GPS tampering so that crew and pilots can make sure to determine when it is transpiring. The EASA had further pre-cautioned about an upsurge in reports of GPS spoofing and jamming happenings in the Baltic Sea area, around the Black Sea, and regions near Russia and Finland in 2022 and 2023. According to industry officials, empowering the latest technologies for civil aircraft can take several years, and while GPS spoofing incidents have been increasing, there is no time to dawdle. Experts have noted critical navigation failures on airplanes, as there have been several recent reports of alarming cyber attacks that have changed planes' in-flight GPS. As per experts, GPS spoofing could affect commercial airlines and cause further disarray. Due to this, there are possibilities that pilots can divert from the flight route, further flying into a no-fly zone or any unauthorized zone, putting them at risk.

According to OpsGroup, a global group of pilots and technicians first brought awareness and warning to the following issue when the Federal Aviation Administration (FAA) issued a forewarning on the security of flight risk to civil aviation operations over the spate of attacks. In addition, as per the civil aviation regulator Directorate General of Civil Aviation (DGCA), a forewarning circular on spoofing threats to planes' GPS signals when flying over parts of the Middle East was issued. DGCA advisory further notes the aviation industry is scuffling with uncertainties considering the contemporary dangers and information of GNSS jamming and spoofing. 

Conclusion

As the aviation industry continues to grapple with GPS spoofing problems, it is entirely unprepared to combat this, although the industry should consider discovering attainable technologies to prevent them. As International conflicts become convoluted, technological solutions are unrestricted and can be pricey, intricate and not always efficacious depending on what sort of spoofing is used.

As GPS interference attacks become more complex, specialized resolutions should be invariably contemporized. Improving education and training (to increase awareness among pilots, air traffic controllers and other aviation experts), receiver technology (Creating and enforcing more state-of-the-art GPS receiver technology), ameliorating monitoring and reporting (Installing robust monitoring systems), cooperation (collaboration among stakeholders like government bodies, aviation organisations etc.), data/information sharing, regulatory measures (regulations and guidelines by regulatory and government bodies) can help in averting GPS spoofing.

References

• https://economictimes.indiatimes.com/industry/transportation/airlines-/-aviation/false-gps-signal-surge-makes-life-hard-for-pilots/articleshow/108363076.cms?from=mdr
• https://nypost.com/2023/11/20/lifestyle/hackers-are-taking-over-planes-gps-experts-are-lost-on-how-to-fix-it/
• https://www.timesnownews.com/india/planes-losing-gps-signal-over-middle-east-dgca-flags-spoofing-threat-article-105475388
• https://www.firstpost.com/world/gps-spoofing-deceptive-gps-lead-over-20-planes-astray-in-iran-13190902.html
• https://www.forbes.com/sites/erictegler/2024/01/31/gps-spoofing-is-now-affecting-airplanes-in-parts-of-europe/?sh=48fbe725c550
• https://www.insurancejournal.com/news/international/2024/01/30/758635.htm
• https://airwaysmag.com/gps-spoofing-commercial-aviation/
• https://www.wsj.com/articles/aviation-industry-to-tackle-gps-security-concerns-c11a917f
• https://www.deccanherald.com/world/explained-what-is-gps-spoofing-that-has-misguided-around-20-planes-near-iran-iraq-border-and-how-dangerous-is-this-2708342

‍