
GoldenJackal APT group, stealth and camouflage adapted from Jackal

Marrium Akhtar

A new group called GoldenJackal targets government and diplomatic organizations in the Middle East and South Asia. Active for around four years, the group is highly skilled and difficult to detect. It focuses on countries such as Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, and aims to steal data, spread malware through removable drives, and conduct surveillance.

The exact origin and affiliation of GoldenJackal are unknown, but their tactics suggest 

Interestingly, there are some similarities between GoldenJackal and Turla, a Russian hacking group associated with the government. In some cases, victims were infected by both groups, although two months apart.

Operational blueprints

The initial method used by GoldenJackal to breach targeted computers has yet to be discovered. However, evidence suggests they 

GoldenJackal deploys various malware families, including JackalSteal, which searches for and transmits specific files to a remote server, and JackalWorm, which spreads through removable USB drives and installs JackalControl. 

Other malware includes JackalPerInfo, which harvests system information and credentials, and JackalScreenWatcher, which captures screenshots regularly and sends them to the attackers’ server.

A notable aspect of GoldenJackal's operations is 

“We don’t have any evidence of the vulnerabilities used to compromise the sites. However, we did observe that many websites were using obsolete versions of WordPress, and some had also been defaced or infected with previously uploaded web shells, likely due to low-key hacktivist or cybercriminal activity. For this reason, we assess that the vulnerabilities used to breach these websites are known rather than 0-days,” according to Kaspersky.

What’s the point?

GoldenJackal poses a significant threat to government and diplomatic entities in the targeted regions. Organizations must stay vigilant, update their security measures, and be cautious when interacting with suspicious files or websites.
