June 14, 2024 at 10:27AM
Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have targeted Indian government entities in separate espionage campaigns. Operation Celestial Force, ongoing since 2018, utilizes Android and Windows malware to target individuals in defense, government, and related technology sectors. Similarly, UTA0137 has been using the ‘Disgomoji’ malware to access Linux systems, tailored for Indian government entities.
Based on the meeting notes, it is evident that Pakistan-based threat actors, identified as Cosmic Leopard and UTA0137, have been targeting government entities in India through two separate espionage campaigns.
1. Operation Celestial Force, conducted by Cosmic Leopard, began in at least 2018 and has targeted Indian defense, government, and related technology sectors. The threat actor has expanded its malware arsenal to include both Windows and Android malware. Spear phishing and social media platforms have been utilized to deliver malicious documents and engage with potential victims.
2. UTA0137 has been using the Go-based ‘Disgomoji’ malware to target Indian government entities, particularly those using the custom Linux distribution named BOSS as their daily desktop. They have also exploited the DirtyPipe (CVE-2022-0847) vulnerability to target vulnerable BOSS 9 systems.
Both campaigns indicate a high degree of targeting success in the Indian subcontinent, with tailored attacks towards the intended victims.
Additionally, related reports and findings point to ongoing cyberespionage activities targeting government and energy entities in India, indicating a continuing threat to the region’s cybersecurity.
Let me know if there is anything specific you would like to focus on from these notes.