Uncovering DNS Details on Operation Celestial Force
Operation Celestial Force is the latest campaign by the advanced persistent threat (APT) group Cosmic Leopard, targeting organizations primarily based in India.¹ The threat actors used a combination of Android and Windows malware to steal confidential data from targets.
A report on an in-depth investigation of Operation Celestial Force identified 19 domains as indicators of compromise (IoCs). The WhoisXML API research team expanded that list to uncover other potentially connected artifacts.