GoldenJackal Targets Embassies and Air-Gapped Systems with Malware

A little-known threat actor known as GoldenJackal has been identified in a series of cyber attacks targeting embassies and governmental organizations with the goal of infiltrating air-gapped systems using two specialized toolsets.

The attacks have targeted a South Asian embassy in Belarus and a European Union government organization, as reported by Slovak cybersecurity company ESET.

The primary objective of GoldenJackal appears to be stealing confidential information, especially from high-profile machines that are not connected to the internet, according to security researcher Matías Porolli.

First uncovered in May 2023, GoldenJackal has roots dating back to at least 2019, with recent attacks employing a worm named JackalWorm to infect connected USB drives and deploy a trojan known as JackalControl.

The group has displayed sophisticated tactics, targeting both air-gapped systems and internet-connected machines using distinct sets of malware tools.

Air-Gapped Systems

ESET’s analysis reveals that GoldenJackal has deployed multiple malware families, including GoldenDealer, GoldenHowl, GoldenRobo, GoldenUsbCopy, GoldenAce, GoldenBlacklist, GoldenMailer, and GoldenDrive, each with specific functions aimed at compromising targeted systems.

While the initial infection vector remains unclear, the group is believed to use trojanized software installations and malicious documents to gain a foothold in target environments.

GoldenJackal’s ability to develop and deploy sophisticated toolsets for breaching air-gapped networks within a relatively short timeframe demonstrates the group’s advanced capabilities and understanding of target networks.