Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

June 13, 2024 at 06:48AM

Threat actors with ties to Pakistan are behind a long-running malware campaign named Operation Celestial Force, utilizing Android and Windows-based malware administered through a tool called GravityAdmin. The cybersecurity community attributes the intrusion to an adversary known as Cosmic Leopard, with indications that it targets users in the Indian subcontinent. The operation has been active since at least 2018 and continues to evolve in its tactics.

Key takeaways:

1. Threat actors with ties to Pakistan have been involved in a long-running malware campaign called Operation Celestial Force, employing Android malware GravityRAT and Windows-based malware HeavyLift, administered via GravityAdmin.

2. The campaign, ongoing since at least 2018, has targeted users in the Indian subcontinent, with increasing use of an expanding and evolving malware suite.

3. The threat actor, Cosmic Leopard, has been observed using spear-phishing and social engineering to distribute the malware, disguising it as innocuous programs to establish trust with targets.

4. GravityRAT, first discovered in 2018, has evolved into a multi-platform tool targeting military personnel in India and the Pakistan Air Force, while HeavyLift is an Electron-based malware loader family targeting the Windows operating system and macOS.

5. GravityAdmin, used to commandeer infected systems, contains multiple built-in user interfaces, each corresponding to a specific campaign run by the operators.

6. The multi-year operation has continuously targeted Indian defense, government, and related technology spaces.
