Misplaced Pages

GoldenJackal

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

GoldenJackal is an advanced persistent threat active since 2019.

Targets

According to Kaspersky targets include the governments of Afghanistan, Azerbaijan, Iran, Iraq, Pakistan and Turkey.

They have also targeted the European Union in 2022.

Methods

Some attacks have been seen to use the Follina vulnerability. This exploit uses malicious Microsoft Word documents that execute PowerShell commands via the Microsoft Support Diagnostic Tool.

Toolkit

In the attack on the European Union a new toolkit was noted by ESET. This included code written in Go and Python. This toolkit can steal documents from airgapped machines by some elements of the kit infecting machines via USB flash drive. Infected machines that aren't connected to a network can hide stolen documents on a USB drive in a way that infected machines connected to a network can retrieve and send to attacker.

Possible Russian connection

ESET noted that the command and control protocol used by the groups malware is typically used by Turla, which is connected the Federal Security Service of Russia, suggesting the group may be Russian speakers.

References

  1. ^ Toulas, Bill (2023-05-23). "GoldenJackal state hackers silently attacking govts since 2019". Bleeping Computer. Retrieved 2024-10-15.
  2. ^ Toulas, Bill (2024-10-08). "European govt air-gapped systems breached using custom malware". Bleeping Computer. Retrieved 2024-10-16.
  3. ^ Goodin, Dan (2024-10-12). "A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines". Wired. Archived from the original on 12 Oct 2024. Retrieved 2024-10-15.
  4. Ilascu, Ionut (2022-05-30). "New Microsoft Office zero-day used in attacks to execute PowerShell". Bleeping Computer.
  5. Lyons, Jessica (2024-10-09). "Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware". The Register. Retrieved 2024-10-16.
Hacking in the 2020s
← 2010s Timeline 2030s →
Major incidents
2020
2021
2022
2023
2024
Groups
Individuals
Major vulnerabilities
publicly disclosed
Malware
2020
2021
2022
Categories: