GoldenJackal APT Group Successfully Breaches Air-Gapped Systems


GoldenJackal: Breaching Air-Gapped Systems and Operational Tactics

GoldenJackal, an APT group known for targeting government and diplomatic entities in Europe, the Middle East, and South Asia, has caught the attention of security researchers for its successful breach of air-gapped systems. This feat, typically associated with nation-state actors, has raised concerns about the group’s capabilities and intentions.

Researchers have uncovered the operational tactics, techniques, and procedures used by GoldenJackal during their breaches of these highly secure networks. One of the most notable aspects of their operations is their ability to compromise air-gapped networks, which are isolated from the internet to prevent cyberattacks.

According to ESET researchers, GoldenJackal has developed and deployed two separate toolsets specifically designed to breach air-gapped systems. The first toolset, used in an attack against a South Asian embassy in Belarus, includes components such as GoldenDealer, GoldenHowl, and GoldenRobo, which enable the delivery of malicious executables via USB drives and the deployment of a modular backdoor.

In a subsequent series of attacks against a European Union governmental organization, GoldenJackal utilized a second highly modular toolset to collect and exfiltrate sensitive information from compromised systems. The researchers note that the group’s ability to develop and deploy such sophisticated toolsets within a short period is unprecedented and highlights their resourcefulness.

While these toolsets are advanced, researchers emphasize that defenders can better prepare themselves against future attacks by studying GoldenJackal’s tactics and monitoring indicators of compromise. By sharing a public list of IOCs on GitHub, researchers aim to assist defenders in detecting and mitigating potential threats from GoldenJackal.
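The two defensive actions named above, studying the USB-borne delivery path and checking files against a published IOC list, can be combined into one routine check of removable media. The script below is an added illustration, not code from ESET or from the GoldenJackal toolsets, and it does not contain any real IOC: the hash it matches against is derived from a constructed byte string so the demo produces a hit offline. In practice the `PLACEHOLDER_IOC_SHA256` set would be loaded from the public IOC list, and the mount point would be the drive the air-gapped host is about to accept.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample content standing in for a known-bad file. Real IOC hashes
# come from the public list; this placeholder only lets the demo produce a match.
SAMPLE_BAD_BYTES = b"constructed placeholder: stand-in for a known-bad dropper"
PLACEHOLDER_IOC_SHA256 = {hashlib.sha256(SAMPLE_BAD_BYTES).hexdigest()}

# File types that should not normally arrive on removable media in an
# air-gapped enclave; their mere presence is worth a second look.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".lnk", ".ps1", ".bat"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_removable_media(mount_point, ioc_hashes, exe_suffixes=EXECUTABLE_SUFFIXES):
    """Walk a mounted drive and report every file that matches an IOC hash
    or carries an executable extension. Returns a list of finding dicts."""
    root = Path(mount_point)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = sha256_of(path)
        reasons = []
        if digest in ioc_hashes:
            reasons.append("ioc_hash_match")
        if path.suffix.lower() in exe_suffixes:
            reasons.append("executable_on_removable_media")
        if reasons:
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "sha256": digest,
                "reasons": reasons,
            })
    return findings


def run_demo():
    """Build a constructed drive image in a temporary directory and scan it.
    One benign document, one unexpected executable, one file whose hash is
    in the placeholder IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "reports").mkdir()
        (root / "reports" / "budget.docx").write_bytes(b"benign document content")
        (root / "update.exe").write_bytes(b"constructed benign-looking executable")
        (root / "reports" / "thumbs.dll").write_bytes(SAMPLE_BAD_BYTES)
        return scan_removable_media(root, PLACEHOLDER_IOC_SHA256)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Hash matching only catches files already on the list, which is why the script also flags executables by extension regardless of hash: a new build of a dropper will not match a published hash, but an unexplained `.exe` or `.dll` on a drive meant to carry documents is the kind of anomaly the USB delivery path described above relies on going unnoticed.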
