Hackers breach European air-gapped govt systems with custom malware

October 8, 2024 at 11:56AM

The APT hacking group GoldenJackal breached air-gapped government systems in Europe using custom toolsets to steal sensitive data, including emails, encryption keys, and documents. The attacks occurred at least twice, targeting government and diplomatic entities for espionage. GoldenJackal also developed a new modular toolset to optimize covert operations. Multiple tools were used, including GoldenDealer, GoldenHowl, and GoldenAce.

The key takeaways from the article can be summarized as follows:

1. The APT hacking group GoldenJackal has successfully breached air-gapped government systems in Europe using custom toolsets to steal sensitive data such as emails, encryption keys, images, and documents.
2. Incidents were reported at the embassy of a South Asian country in Belarus in September 2019 and again in July 2021, and another was recorded against a European government organization between May 2022 and March 2024.
3. Kaspersky warned about GoldenJackal’s activities in May 2023, emphasizing their focus on government and diplomatic entities for espionage.
4. GoldenJackal’s custom tools, such as ‘GoldenDealer,’ ‘GoldenHowl,’ ‘GoldenRobo,’ ‘GoldenAce,’ ‘GoldenUsbCopy,’ ‘GoldenUsbGo,’ ‘GoldenBlacklist,’ ‘GoldenPyBlacklist,’ ‘GoldenMailer,’ and ‘GoldenDrive’ were used to infiltrate air-gapped systems and exfiltrate sensitive data.
5. The hacking group also developed a new Go-based modular toolset in 2022 that allowed them to task different machines with separate roles for their illicit activities.
6. The presence of two toolsets shows GoldenJackal’s capability to develop new custom malware and optimize it for covert operations.

These takeaways cover the key points from the article and give a clear picture of the breaches and the methods used by the GoldenJackal hacking group.