Persistent long-running Pakistani malware campaign discovered

Pakistan-linked threat group Cosmic Leopard, also known as SpaceCobra, has targeted organizations and individuals in the government, defense, and technology sectors across India with the GravityRAT Android malware and the HeavyLift Windows malware loader, reports The Hacker News. The attacks are part of Operation Celestial Force, which has been ongoing since 2018.

Attacks by Cosmic Leopard, which has been associated with Transparent Tribe, began with spearphishing emails redirecting to a malicious site. The site would then leverage the GravityAdmin hacking tool, which would choose whether GravityRAT, which has also evolved to target macOS, or HeavyLift would be deployed on the targeted system, an analysis from Cisco Talos Intelligence revealed.

Source: SC Magazine

 

