GoldenJackal (hacker group)

History

2024: Attacks on government agencies isolated from the Internet

In early October 2024, researchers cyber security ESET discovered new tools used by the hacker group GoldenJackal against governmental and diplomatic institutions in the To Europe Middle East and South. Asia

GoldenJackal is a little-known group of hackers, active since at least 2019. Its targets have already become the Embassy of South Asia in Belarus and an unnamed government organization of the European Union. The tools used by the group are primarily designed to attack isolated systems - computer networks that are physically isolated from unsecured networks, including the Internet. Typically, organizations isolate the most important networks, such as voting systems and industrial control systems, to minimize the risk of compromise.

𝓲

Freepik

Among other things, in 2019, hackers used GoldenDealer malware to deliver executable files to an isolated system via USB monitoring, the GoldenHowl backdoor and GoldenRobo, a file collector and exfilter. In the May 2022 attack, the group used another specialized toolkit capable of collecting files from USB drives, distributing payload over the network via USB drives, retrieving files and using certain computers on the network as servers to deliver various malicious files to other systems.

According to the researchers, GoldenJackal took a modular approach, using different components to perform different tasks. For example, GoldenUsbCopy monitors the connection of USB drives and copies files of interest to hackers to an encrypted container stored on disk, GoldenBlacklist downloads the encrypted archive from the local server and processes the e-mail messages contained in it, leaving only those of interest, and GoldenMailer extracts files by sending e-mails with attachments to accounts controlled by attackers. ESET researchers could not determine how hackers initially gained access to target systems.^[1]

Notes