20 June 2024

Pakistani Threat Actors Caught Targeting Indian Gov Entities

Ionut Arghire

One of the campaigns, called Operation Celestial Force, has been ongoing since at least 2018, relying on both Android and Windows malware to target individuals in the Indian defense, government, and related technology sectors.

Security researchers at Cisco Talos Intelligence track the threat actor as Cosmic Leopard, but warn that the activity overlaps in tactics, techniques, tooling, and victimology with Transparent Tribe, a known Pakistan-linked state-sponsored group also tracked as APT36 and Mythic Leopard.

“Operation Celestial Force has been active since at least 2018 and continues to operate today — increasingly utilizing an expanding and evolving malware suite — indicating that the operation has likely seen a high degree of success targeting users in the Indian subcontinent,” Cisco Talos said.

Initially, the threat actor used only the GravityRAT malware to target Windows users; it has since expanded its arsenal with an Android version of the remote access trojan (RAT) and HeavyLift, an Electron-based malware loader.
