New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,902
An advanced persistent threat (APT) actor named GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019, Russian cybersecurity firm Kaspersky reports.

Only conducting highly targeted attacks, the APT has hit a small number of entities in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, likely in an effort to stay under the radar.

Mainly focused on espionage, GoldenJackal is using a specific set of .NET malware to control victim computers, spread via removable drives, collect information, take screenshots, steal credentials, and exfiltrate data.

The threat actor has been observed using a fake Skype installer and a malicious Word document as initial infection vectors. The document would fetch a malicious HTML page to exploit the Follina vulnerability only two days after proof-of-concept (PoC) code targeting the bug was made public.

Malware used by the APT includes JackalControl, JackalPerInfo, JackalScreenWatcher, JackalSteal, and JackalWorm.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top