
Mind the (air) gap: GoldenJackal gooses government guardrails

Nov. 18, 2024, 5:03 p.m.

Description

ESET researchers uncovered two distinct toolsets used by the GoldenJackal APT group to breach air-gapped systems in government organizations. The first toolset, observed in 2019, included GoldenDealer for delivering executables via USB drives, GoldenHowl as a modular backdoor, and GoldenRobo for file collection and exfiltration. The second toolset, deployed from 2022 to 2024, featured a highly modular approach with components for file collection, distribution, and exfiltration. GoldenJackal primarily targeted government and diplomatic entities in Europe, the Middle East, and South Asia, demonstrating sophisticated capabilities to compromise isolated networks. The group's evolution in developing two separate air-gap breaching toolsets within five years highlights their advanced threat level and awareness of network segmentation practices employed by their targets.

Date

Published: Nov. 17, 2024, 12:25 a.m.

Created: Nov. 17, 2024, 12:25 a.m.

Modified: Nov. 18, 2024, 5:03 p.m.

Attack Patterns

GoldenDrive

GoldenMailer

GoldenPyBlacklist

GoldenBlacklist

JackalWorm

GoldenAce

GoldenUsbGo

GoldenUsbCopy

GoldenRobo

GoldenHowl

GoldenDealer

GoldenJackal

Additional Information

Government

Belarus