

On the prowl for mobile malware. [Research Saturday]
Dec 28, 2024
Asheer Malhotra and Vitor Ventura from Cisco Talos dive into the intriguing world of mobile malware, focusing on the espionage campaign known as Operation Celestial Force. They reveal how a Pakistani group has been exploiting vulnerabilities in Indian defense and tech sectors for years. The discussion uncovers the evolution of mobile malware tactics, the role of social media in attacks, and the significance of understanding threat actor attribution. Listeners will gain insights into the urgent need for enhanced cybersecurity awareness to combat these sophisticated threats.
AI Snips
Cosmic Leopard: A New Threat Actor Cluster
- Cosmic Leopard is a newly identified threat actor cluster targeting India, potentially linked to Pakistan.
- This cluster may encompass subgroups or evolve, requiring ongoing research and analysis.
Cosmic Leopard's Tactics
- Cosmic Leopard uses social media, instant messaging, and even honey traps to build trust with targets.
- After establishing contact, they deliver malware to compromise victims' systems.
Deceptive Cloud Services
- Cosmic Leopard created convincing cloud storage websites and apps (Cloudy, ZCloud) to steal data.
- These platforms functioned legitimately, masking the malware's presence and encouraging voluntary uploads.