Several of ESET's findings about GoldenJackal are worth noting, in particular the group's intent to infiltrate air-gapped networks. Air-gapping is a security measure that physically isolates highly sensitive systems or network segments from the internet and other untrusted networks, so that they cannot be compromised directly from outside and an intruder on a less-trusted network cannot move laterally into them.
Who is GoldenJackal?
Active since at least 2019, GoldenJackal is an APT group known to target government and diplomatic entities in the Middle East and South Asia, according to a 2023 report from Kaspersky Lab, which has been tracking the group since mid-2020.
GoldenJackal’s previously known malware tools, written mainly in .NET, enabled the group to control victim machines, spread across systems using removable drives, exfiltrate files from infected systems, steal credentials, collect information about web browsing activities, and take screen captures. Kaspersky Lab, which documented the tools, dubbed them JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher.