European govt air-gapped systems breached using custom malware

October 8, 2024 at 12:05PM

GoldenJackal, an APT group, breached air-gapped European government systems with custom toolsets built to steal sensitive data such as emails, encryption keys and documents. Its malware, including GoldenDealer and GoldenAce, spreads via USB drives. Kaspersky had earlier warned of the group's focus on government entities for espionage; ESET reported that a new modular toolset has been in use since 2022.

Key takeaways from the article:

– An APT hacking group known as GoldenJackal has breached air-gapped government systems in Europe using custom toolsets to steal sensitive data.

– GoldenJackal targets government and diplomatic entities for espionage, spreading its custom tools over USB pen drives with a component known as ‘JackalWorm.’

– In older attacks, GoldenJackal first infected internet-connected systems with malware called ‘GoldenDealer,’ which then rode USB drives onto the air-gapped systems.

– GoldenJackal has more recently switched to a modular toolset in which different machines play separate roles, such as file exfiltration, file staging and configuration distribution.

– The new component used for USB infection is named GoldenAce; files are collected and exfiltrated according to specific instructions and keyword lists.

– The existence of two distinct toolsets, which overlap with tools described in Kaspersky’s report, shows that GoldenJackal can develop new custom malware and tune it for covert operations.
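The chain in the takeaways above (an executable dropped onto a USB stick by an internet-connected host, the same stick later executed from on an isolated host, documents staged back onto it for the return trip) is also a detection opportunity, because each hop leaves endpoint telemetry. The following is an added example, not code from the article, ESET or Kaspersky: a small Python correlator that runs over constructed, Sysmon-style removable-media events and raises findings for the three hops. The event field names, thresholds, the volume serial and the hostnames WS-INTERNET and WS-AIRGAP are assumptions made for the example; in a real deployment the inputs would be built from sources such as Sysmon FileCreate (event ID 11) and ProcessCreate (event ID 1) plus removable-storage audit events, which is a deployment assumption rather than anything the article states.

```python
"""Correlate removable-media events across hosts to spot USB air-gap bridging.

Added example, not from the article or from ESET/Kaspersky. Works on constructed
Sysmon-like events (plain dicts); the field names, thresholds, hostnames and
volume serial below are assumptions for the example, not real indicators.
"""
from collections import defaultdict
from dataclasses import dataclass

EXEC_EXT = (".exe", ".dll", ".scr", ".lnk", ".bat", ".cmd", ".ps1", ".vbs", ".js")
DOC_EXT = (".doc", ".docx", ".xls", ".xlsx", ".pdf", ".pst", ".eml", ".pem", ".key", ".pfx")
DROP_WINDOW = 120      # seconds after mount: an executable landing on the stick this fast is suspicious
STAGE_WINDOW = 300     # seconds: bulk copying of documents onto the stick inside this window
STAGE_THRESHOLD = 10   # documents written inside STAGE_WINDOW before we call it staging


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    serial: str
    detail: str


def _ext_match(path, exts):
    return path.lower().endswith(exts)


def detect(events):
    """Return a list of Finding for events sorted by ``ts`` (seconds).

    Event kinds: ``mount`` (host, ts, drive, serial), ``file_create`` and
    ``process_create`` (host, ts, path). ``drive`` is the letter the volume
    received on that host; the volume serial is what ties hosts together.
    """
    drive_map = {}                   # (host, drive letter) -> (serial, mount ts)
    dropped_by = defaultdict(dict)   # serial -> {executable basename: host that wrote it}
    doc_writes = defaultdict(list)   # (host, serial) -> timestamps of recent document writes
    findings = []

    for ev in events:
        host, ts = ev["host"], ev["ts"]
        if ev["kind"] == "mount":
            drive_map[(host, ev["drive"].upper())] = (ev["serial"], ts)
            continue

        path = ev["path"]
        mounted = drive_map.get((host, path[:2].upper()))
        if mounted is None:
            continue                 # local disk or untracked volume: not our concern here
        serial, mount_ts = mounted
        name = path.rsplit("\\", 1)[-1].lower()

        if ev["kind"] == "file_create":
            if _ext_match(path, EXEC_EXT) and ts - mount_ts <= DROP_WINDOW:
                # Hop 1: the connected host seeds the stick with an executable.
                dropped_by[serial][name] = host
                findings.append(Finding("exec_dropped_on_removable", host, serial,
                                        f"{name} written {ts - mount_ts}s after mount"))
            elif _ext_match(path, DOC_EXT):
                # Hop 3: documents staged onto the stick for the trip back out.
                recent = [t for t in doc_writes[(host, serial)] if ts - t <= STAGE_WINDOW]
                recent.append(ts)
                doc_writes[(host, serial)] = recent
                if len(recent) == STAGE_THRESHOLD:   # fires once, when the threshold is reached
                    findings.append(Finding("bulk_doc_staging", host, serial,
                                            f"{STAGE_THRESHOLD} documents copied within {STAGE_WINDOW}s"))
        elif ev["kind"] == "process_create":
            origin = dropped_by[serial].get(name)
            if origin is not None and origin != host:
                # Hop 2: the executable seeded on one host runs from the same stick on another.
                findings.append(Finding("air_gap_bridge", host, serial,
                                        f"{name} staged on {origin}, executed on {host}"))
            elif _ext_match(path, EXEC_EXT):
                findings.append(Finding("exec_from_removable", host, serial, name))
    return findings


# Constructed sample telemetry (not real logs): one stick travels connected -> isolated -> connected.
SAMPLE_EVENTS = [
    {"kind": "mount", "host": "WS-INTERNET", "ts": 1000, "drive": "E:", "serial": "4C530001"},
    {"kind": "file_create", "host": "WS-INTERNET", "ts": 1030, "path": "E:\\Documents\\update.exe"},
    {"kind": "mount", "host": "WS-AIRGAP", "ts": 5000, "drive": "F:", "serial": "4C530001"},
    {"kind": "process_create", "host": "WS-AIRGAP", "ts": 5012, "path": "F:\\Documents\\update.exe"},
] + [
    {"kind": "file_create", "host": "WS-AIRGAP", "ts": 5020 + i, "path": f"F:\\Documents\\report_{i}.docx"}
    for i in range(STAGE_THRESHOLD)
] + [
    {"kind": "mount", "host": "WS-INTERNET", "ts": 9000, "drive": "E:", "serial": "4C530001"},
    {"kind": "file_create", "host": "WS-INTERNET", "ts": 9500, "path": "E:\\notes.txt"},  # benign noise
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] host={f.host} serial={f.serial} {f.detail}")
```

The correlation key is the volume serial, not the drive letter: the same stick shows up as E: on one host and F: on another, so a per-host rule that only looks at drive letters would never connect the two sides of the gap. The thresholds are deliberately loose starting points to be tuned against the environment's normal USB use.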

