Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

GoldenJackal: The Sophisticated Threat Actor Targeting Embassies and Governmental Organizations


GoldenJackal, a sophisticated threat actor, has been linked to a series of cyber attacks targeting embassies and governmental organizations with the aim of infiltrating air-gapped systems. The attacks demonstrate a high degree of sophistication and resourcefulness on the part of GoldenJackal, highlighting the ongoing threat posed by this threat actor.

  • GoldenJackal has been linked to attacks on embassies and governmental organizations whose ultimate goal is reaching air-gapped systems and stealing confidential information.
  • Its activity dates back to at least 2019: ESET found GoldenJackal artifacts at a South Asian embassy in Belarus in August and September 2019, and again in July 2021.
  • A separate set of attacks on a governmental organization in Europe relied on an entirely new toolset, mostly written in Go.
  • That toolset collects files from USB drives, spreads via USB drives, exfiltrates data, and uses some compromised machines as staging servers that distribute payloads to other hosts.
  • The attacks against the embassy in Belarus used three malware families, GoldenDealer, GoldenHowl, and GoldenRobo, alongside the previously known JackalControl, JackalSteal, and JackalWorm.
  • The initial access vector is not known; Kaspersky has previously pointed to trojanized Skype installers and malicious Microsoft Word documents as possible entry points.
  • Building and deploying two separate air-gap toolsets within five years points to a sophisticated, well-resourced actor that understands its targets' network segmentation.



    The cybersecurity landscape has witnessed numerous sophisticated threats in recent years, with GoldenJackal being one of the most notable examples. This threat actor has been linked to a series of cyber attacks targeting embassies and governmental organizations, with the ultimate goal of infiltrating air-gapped systems and stealing confidential information.

    According to a report by Slovak cybersecurity company ESET, GoldenJackal first came to light in May 2023, when Russian security vendor Kaspersky detailed the threat cluster's attacks on government and diplomatic entities in the Middle East and South Asia. The adversary's origins stretch back to at least 2019, with ESET discovering GoldenJackal artifacts at a South Asian embassy in Belarus in August and September 2019, and again in July 2021.

    The attacks targeting an unnamed governmental organization in Europe have been found to rely on an entirely new set of malware tools, mostly written in Go. These tools are engineered to collect files from USB drives, spread malware via USB drives, exfiltrate data, and use some compromised machines as staging servers that distribute payloads to other hosts. The malware used in these attacks includes GoldenUsbCopy and its improved successor GoldenUsbGo, which monitor USB drives and copy files of interest for exfiltration; GoldenAce, which propagates the malware, including a lightweight version of JackalWorm, to other systems (not necessarily air-gapped ones) via USB drives; GoldenBlacklist and its Python implementation GoldenPyBlacklist, which process email messages of interest for subsequent exfiltration; GoldenMailer, which sends the stolen information to the attackers via email; and GoldenDrive, which uploads stolen information to Google Drive.

    The attacks against the South Asian embassy in Belarus are said to have made use of three different malware families, in addition to JackalControl, JackalSteal, and JackalWorm - GoldenDealer, which is used to deliver executables to the air-gapped system via compromised USB drives; GoldenHowl, a modular backdoor with capabilities to steal files, create scheduled tasks, upload/download files to and from a remote server, and create an SSH tunnel; and GoldenRobo, a file collector and data exfiltration tool.
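    Both toolsets above bridge the air gap the same way: a tool on an Internet-connected host writes payloads to a USB drive, the drive is carried into the isolated network, and the drive later carries collected files back out. The following Python is an added hunting example, not code from ESET or from GoldenJackal's tooling, and it runs over a constructed, simplified event schema (USB insertions and file writes tagged with a volume serial) rather than any real EDR format; the host and serial names are invented. It flags executables written to removable media, volumes that carry an executable from one host onto a different host, and volumes whose insertion trail returns to an earlier host, which is the round trip a USB-based exfiltration channel needs.

```python
from datetime import datetime

# Constructed event schema (an assumption for this example, not real telemetry):
#   ts      ISO-8601 timestamp
#   host    endpoint name
#   action  "usb_insert" or "file_write"
#   serial  removable-volume serial, present on both event kinds
#   path    path on the removable volume (file_write only)
#   hidden  True when the file was written with the hidden attribute (file_write only)

EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat", ".cmd", ".vbs", ".js")


def is_executable(path):
    """Cheap extension check; a real hunt would also look at magic bytes."""
    return path.lower().endswith(EXECUTABLE_EXT)


def _sorted(events):
    return sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))


def executable_drops(events):
    """Executables written to removable media, oldest first, as
    (host, serial, path, hidden) tuples."""
    return [
        (e["host"], e["serial"], e["path"], bool(e.get("hidden")))
        for e in _sorted(events)
        if e["action"] == "file_write" and is_executable(e["path"])
    ]


def device_host_trail(events):
    """serial -> ordered hosts the volume was inserted into, with consecutive
    repeats of the same host collapsed."""
    trail = {}
    for e in _sorted(events):
        if e["action"] != "usb_insert":
            continue
        hosts = trail.setdefault(e["serial"], [])
        if not hosts or hosts[-1] != e["host"]:
            hosts.append(e["host"])
    return trail


def bridging_devices(events):
    """Volumes that carried an executable from one host to another.

    Returns (serial, source_host, destination_host, path) tuples: an executable
    was written to the volume on source_host and the same volume was later
    inserted into a different destination_host. Duplicates are suppressed.
    """
    findings = []
    carried = {}  # serial -> [(host that wrote it, path)]
    for e in _sorted(events):
        serial = e["serial"]
        if e["action"] == "file_write" and is_executable(e["path"]):
            carried.setdefault(serial, []).append((e["host"], e["path"]))
        elif e["action"] == "usb_insert":
            for src_host, path in carried.get(serial, []):
                finding = (serial, src_host, e["host"], path)
                if src_host != e["host"] and finding not in findings:
                    findings.append(finding)
    return findings


def round_trips(events):
    """Serials whose insertion trail returns to a host it already visited after
    visiting a different one (the out-and-back pattern of USB exfiltration)."""
    return sorted(
        serial
        for serial, hosts in device_host_trail(events).items()
        if len(set(hosts)) < len(hosts)
    )


# Constructed sample: USB-A1 receives a hidden executable on an Internet-connected
# workstation, is plugged into an isolated workstation, and then comes back.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "WS-INTERNET", "action": "usb_insert", "serial": "USB-A1"},
    {"ts": "2024-03-01T09:02:10", "host": "WS-INTERNET", "action": "file_write", "serial": "USB-A1",
     "path": "System Volume Information\\update.exe", "hidden": True},
    {"ts": "2024-03-01T09:05:00", "host": "WS-INTERNET", "action": "usb_insert", "serial": "USB-B7"},
    {"ts": "2024-03-01T09:06:00", "host": "WS-INTERNET", "action": "file_write", "serial": "USB-B7",
     "path": "notes\\minutes.txt"},
    {"ts": "2024-03-01T13:40:00", "host": "WS-AIRGAP", "action": "usb_insert", "serial": "USB-A1"},
    {"ts": "2024-03-01T13:45:00", "host": "WS-AIRGAP", "action": "file_write", "serial": "USB-A1",
     "path": "reports\\q1.docx"},
    {"ts": "2024-03-02T08:10:00", "host": "WS-INTERNET", "action": "usb_insert", "serial": "USB-A1"},
]


if __name__ == "__main__":
    for row in executable_drops(SAMPLE_EVENTS):
        print("executable on removable media:", row)
    for row in bridging_devices(SAMPLE_EVENTS):
        print("volume bridged hosts:", row)
    print("round-trip volumes:", round_trips(SAMPLE_EVENTS))
```

    On the sample, only USB-A1 is flagged: it received an executable on WS-INTERNET, surfaced on WS-AIRGAP, and then returned, while USB-B7 only ever carried a text file on one host. Feeding the same functions real insertion and file-write telemetry (with the serial taken from the device instance ID) is the practical version of this hunt.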

    It is currently not known how GoldenJackal gains initial access to target environments. However, Kaspersky has previously pointed to trojanized Skype installers and malicious Microsoft Word documents as possible entry points.

    "Managing to deploy two separate toolsets for breaching air-gapped networks in only five years shows that GoldenJackal is a sophisticated threat actor aware of network segmentation used by its targets," said security researcher Matías Porolli. "With the level of sophistication required, it is quite unusual that in five years, GoldenJackal managed to build and deploy not one, but two separate toolsets designed to compromise air-gapped systems."

    The attacks carried out by GoldenJackal demonstrate a high degree of sophistication and resourcefulness on the part of this threat actor. To breach air-gapped networks, GoldenJackal relies on a combination of malware tools, including a worm named JackalWorm that infects connected USB drives and delivers a trojan dubbed JackalControl.

    The attacks targeting embassies and governmental organizations highlight the ongoing threat posed by sophisticated threat actors such as GoldenJackal. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and implement robust cybersecurity measures to protect themselves against advanced threats.



    Related Information:

  • https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html


  • Published: Tue Oct 8 05:53:55 2024 by llama3.2 3B Q4_K_M



    © Ethical Hacking News . All rights reserved.
