European govt air-gapped systems breached using custom malware

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.

According to an ESET report, this happened at least two times, one against the embassy of a South Asian country in Belarus in September 2019 and again in July 2021, and another against a European government organization between May 2022 and March 2024.

In May 2023, Kaspersky warned about GoldenJackal's activities, noting that the threat actors focus on government and diplomatic entities for purposes of espionage.

Although their use of custom tools spread over USB pen drives, like the 'JackalWorm,' was known, cases of a successful compromise of air-gapped systems were not previously confirmed.

Air-gapped systems are used in critical operations, which often manage confidential information, and are isolated from open networks as a protection measure.

European govt air-gapped systems breached using custom malware

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.

www.bleepingcomputer.com

 

[Brahman]

According to the report, the infection spread through removable drives which was inserted firstly to an infected system and then to the air gaped system. If a system was so precious and because of its nature it was air gaped, then why do you want to insert a removable drive which was previously used on an insecure system ?