An advanced persistent threat (APT) actor named GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019, Russian cybersecurity firm Kaspersky reports.
Only conducting highly targeted attacks, the APT has hit a small number of entities in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, likely in an effort to stay under the radar.
Mainly focused on espionage, GoldenJackal uses a purpose-built set of .NET malware to control victim computers, spread via removable drives, collect system information, take screenshots, steal credentials, and exfiltrate data.
The threat actor has been observed using a fake Skype installer and a malicious Word document as initial infection vectors. The document would fetch a remote HTML page that exploited the Follina vulnerability (CVE-2022-30190, a code-execution flaw in the Microsoft Support Diagnostic Tool), and the group had weaponized it only two days after proof-of-concept (PoC) code targeting the bug was made public.
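The Follina document described above relies on a standard Office feature: an `oleObject` relationship inside the .docx package whose target is an external HTTP URL, which Word follows to fetch the attacker's HTML page. That relationship lives in plain XML inside the zip container, so it can be triaged without opening the file in Office. The scanner below is an added example written for this page, not code from Kaspersky or from the GoldenJackal toolset; it builds two constructed .docx files in memory (the `example.invalid` URLs, relationship IDs and file layout are assumptions for illustration) and flags only `oleObject` relationships with an external http(s) target, so that ordinary external hyperlinks do not produce false positives.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML package namespace and relationship types (from the ECMA-376 standard).
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
OLE_OBJECT_TYPE = OFFICE_REL + "oleObject"

CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
</Types>"""

DOCUMENT_XML = """<?xml version="1.0" encoding="UTF-8"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>"""

# Constructed sample relationship parts (not real samples). The benign one has only an
# internal styles part and an ordinary external hyperlink; the malicious one carries the
# Follina pattern: an oleObject relationship whose external target is an HTTP URL.
BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}styles" Target="styles.xml"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}hyperlink" Target="https://example.invalid/" TargetMode="External"/>
</Relationships>"""

MALICIOUS_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}styles" Target="styles.xml"/>
  <Relationship Id="rId2" Type="{OLE_OBJECT_TYPE}" Target="http://example.invalid/stage.html!" TargetMode="External"/>
</Relationships>"""


def build_docx(rels_xml):
    """Assemble a minimal .docx (zip) in memory with the given document.xml.rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("word/document.xml", DOCUMENT_XML)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def find_external_relationships(docx_bytes):
    """Return (part name, relationship type, target) for every external relationship
    in any .rels part of the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    findings.append((name, rel.get("Type", ""), rel.get("Target", "")))
    return findings


def follina_indicators(docx_bytes):
    """Keep only oleObject relationships that point at a remote http(s) resource.
    Hyperlinks are external by design and are deliberately not reported."""
    return [
        f for f in find_external_relationships(docx_bytes)
        if f[1] == OLE_OBJECT_TYPE and re.match(r"https?://", f[2], re.IGNORECASE)
    ]


if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("follina-style", MALICIOUS_RELS)):
        hits = follina_indicators(build_docx(rels))
        print(f"{label}: {len(hits)} indicator(s)")
        for part, rel_type, target in hits:
            print(f"  {part}: oleObject -> {target}")
```

A real document may carry the same relationship in other parts (for example a header's .rels), which is why the scanner walks every .rels entry rather than only `word/_rels/document.xml.rels`. A hit is an indicator, not proof: the fetched HTML page is where the `ms-msdt:` handler invocation lives, so a positive result should be followed by retrieving or sandboxing that URL.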
Malware used by the APT includes JackalControl, JackalPerInfo, JackalScreenWatcher, JackalSteal, and JackalWorm.