June 13, 2024 at 06:08AM
A new report from Cisco Talos details a group called “Cosmic Leopard,” operating as “Operation Celestial Force,” which has been conducting cyber espionage against Indian government and defense entities for at least six years. The group’s tactics include using malware like GravityRAT and HeavyLift to target individuals and organizations. Preventative measures are discussed for mobile and Windows devices.
The notes from the meeting indicate that a Pakistani threat actor has been involved in cyber espionage targeting Indian government-associated entities for at least six years. The group, referred to as “Cosmic Leopard” under the umbrella title “Operation Celestial Force,” has been conducting persistent efforts to infect targets with the intention of gathering as much data as possible for later analysis. Their attacks focus on espionage and surveillance against entities associated with India’s government, defense sectors, and related technology companies.
The group’s activities include the use of malware such as GravityRAT and HeavyLift, which target mobile devices with capabilities to gather and exfiltrate sensitive system data. The notes also highlight the evolving tactics, techniques, and procedures (TTPs) used by the threat actor, such as transitioning from phishing messages to establishing conversations with victims over social media channels, as well as setting up new infrastructure to avoid detection.
In terms of prevention, the notes suggest that for mobile devices, the best practice is to download software only from authorized app stores, such as Google Play for Android. For Windows computers, it is advised that organizations leverage their better visibility to apply layered security measures and prevent potential threats from becoming widespread issues.
Overall, the meeting notes underline the significance of understanding the tactics employed by threat actors and implementing effective preventive measures to safeguard against cyber threats.