
Operation Celestial Force employs mobile and desktop malware to target Indian entities

· Published 14/06/2024 08:31 · Modified 14/06/2024 09:11


Essential information

Tags
2024-06-14 espionage gravityrat heavylift surveillance targeted attacks
Related entities
142 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 2 others

Description

Cisco Talos is disclosing a new malware campaign called 'Operation Celestial Force', conducted by a Pakistani nexus of threat actors called 'Cosmic Leopard'. This multi-year operation has been targeting Indian entities and individuals since at least 2018, employing GravityRAT (an Android and Windows malware) and HeavyLift (a Windows malware loader). The campaigns are administered by a tool called GravityAdmin, which manages multiple codenamed campaigns simultaneously. The operation uses spear phishing and social engineering to infect targets and has continuously expanded its malware suite, indicating a high degree of success.

External references