A new report from Cisco Talos sheds light on a long-running cyber espionage campaign with a Pakistani nexus that targets entities associated with the Indian government. Talos tracks the threat actor as "Cosmic Leopard" and the campaign as "Operation Celestial Force"; it has been active for at least six years, conducting espionage and surveillance against individuals and organizations linked to India's government, its defense sector, and related technology companies.
According to Asheer Malhotra, a researcher at Cisco Talos, Cosmic Leopard's primary goal is to collect as much data as possible from its targets for analysis at a later stage. The group's tooling has evolved over the years: it developed the GravityRAT trojan, which has Windows and Android variants, and the HeavyLift malware loader, which targets Windows and macOS.
A typical Celestial Force attack begins with a spear-phishing email or social media message carrying a malicious link presented as a download for a legitimate application. When the target follows the link and installs what appears to be that application, they are actually running GravityRAT or the HeavyLift loader, which gives the operators access to the device and lets them exfiltrate sensitive information from it. Note that the chain depends entirely on the victim choosing to install the download; no exploit is needed.
One notable aspect of the HeavyLift tooling is that it persuades victims to upload their own data to the threat actor's cloud storage under the guise of a legitimate application. This sidesteps conventional covert data theft: the outbound transfer is user-initiated and resembles ordinary cloud usage, so it is less likely to raise suspicion.
Vitor Ventura, lead security researcher at Cisco Talos, highlights the sophistication of Cosmic Leopard's social engineering and stresses the need for awareness and vigilance among likely targets. On mobile devices, defenders have little visibility, so protection rests largely on installing software only from official app stores such as Google Play; on Windows endpoints, organizations have far better telemetry with which to detect and block such intrusions.
To reduce the risk of infection, Ventura recommends layered security controls combined with user education about the risks of following unsolicited links and installing software from unknown sources. Addressing these risks proactively lets organizations prevent unauthorized access to sensitive data.
Given that Cosmic Leopard's espionage activity is ongoing, government agencies, defense organizations, and technology companies in its target set should review their security controls and remain alert to this tradecraft. Staying informed about the campaign and applying the measures above gives organizations a realistic chance of defending their networks and confidential information against it.
