Mind the (air) gap: GoldenJackal gooses government guardrails

Nov. 18, 2024, 5:03 p.m.

Description

ESET researchers uncovered two distinct toolsets used by the GoldenJackal APT group to breach air-gapped systems in government organizations. The first toolset, observed in 2019, included GoldenDealer for delivering executables via USB drives, GoldenHowl as a modular backdoor, and GoldenRobo for file collection and exfiltration. The second toolset, deployed from 2022 to 2024, took a highly modular approach, with separate components for file collection, distribution, and exfiltration. GoldenJackal primarily targeted government and diplomatic entities in Europe, the Middle East, and South Asia, demonstrating sophisticated capabilities for compromising isolated networks. Developing two separate air-gap breaching toolsets within five years highlights the group's advanced capabilities and its awareness of the network segmentation practices used by its targets.

Attack Patterns

  • GoldenDrive
  • GoldenMailer
  • GoldenPyBlacklist
  • GoldenBlacklist
  • JackalWorm
  • GoldenAce
  • GoldenUsbGo
  • GoldenUsbCopy
  • GoldenRobo
  • GoldenHowl
  • GoldenDealer
  • GoldenJackal

Additional Information

  • Government
  • Belarus