
Exploring the Latest Cyber Threat: ‘GoldenJackal’ APT Targeting Governments in Middle East and South Asia


Cyberwarfare: New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments

A new advanced persistent threat (APT) named GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019, according to Russian cybersecurity firm Kaspersky. Focusing solely on highly targeted attacks, the APT has been hitting a select few entities in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey. The group’s main focus is espionage, and it uses a specific set of .NET malware to control victim computers. The malware can spread via removable drives, collect victim information, take screenshots of the victim’s desktop, and steal credentials. GoldenJackal was initially observed using a fake Skype installer and a malicious Word document to initiate an infection. The malware tools are called JackalControl, JackalPerInfo, JackalScreenWatcher, JackalSteal, and JackalWorm. At present, the APT uses compromised WordPress websites to proxy requests to and from a backbone server.

APT Tactics

As an APT actor, GoldenJackal uses certain tactics, techniques, and procedures to achieve its objectives. These include the use of .NET tools and the compromise of WordPress websites. GoldenJackal is interested in the same targets as the Russia-linked cyberespionage group Turla and uses a similar victim UID generation algorithm, but Kaspersky believes these similarities are not conclusive.

Cybersecurity Analysis

This advanced persistent threat demonstrates the continued evolution of cyberattacks, in which threat actors become more sophisticated in their tactics, techniques, and procedures. GoldenJackal’s ability to avoid detection by conducting highly targeted attacks indicates an evolution in threat actor behavior and highlights the need for stronger cybersecurity measures, particularly in the public sector.

Editorial and Advice

GoldenJackal is yet another APT targeting government and diplomatic entities. Because of the high level of sensitivity associated with these entities and their functions, it is essential that adequate measures and protocols be put in place so that their operations are not compromised. Governments need to invest more in cybersecurity equipment and provide the requisite cybersecurity training to relevant personnel, while at the same time raising the cybersecurity awareness of the general population.

It is crucial for targets to take steps to protect themselves from these threats, including segregating sensitive networks to prevent lateral movement, implementing strong access controls, and monitoring security events in real time. This will help to detect any unusual activity and provide the opportunity to cut off any illegal access. Additionally, software patch management should be a top priority to address any known vulnerabilities in critical software. Since some of these cyberattacks use fake installers like the one used by GoldenJackal, it is essential to verify an installer's legitimacy before installation. Finally, staff should be trained to spot social engineering tactics.
