GoldenJackal Attacks Target Air-Gapped Systems


The cyberespionage advanced persistent threat (APT) group GoldenJackal has targeted air-gapped systems at Europe-based government offices in a new series of attacks, SC Media reports.

According to an analysis from ESET, GoldenJackal intrusions begin with the deployment of several malware payloads, including JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher, on internet-exposed devices. The group then turns to USB drives plugged into those devices, using removable media to carry the attack across the air gap into the isolated systems.

GoldenJackal uses JackalWorm to hide a further, as yet unidentified malware component inside a folder on the USB drive. Once that component runs, it repeatedly contacts Cloudflare's 1.1.1.1 public DNS service to check for internet connectivity, which tells the malware whether it has landed on a connected host or on an isolated one.
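The connectivity probe is also a detection opportunity: a host inside an air-gapped segment has no business reaching 1.1.1.1, and a host that keeps retrying looks like the persistent check described above. The script below is an added example, not code from the article or from ESET's analysis; it runs over constructed firewall log lines and assumes a hypothetical key=value syslog format, a hypothetical isolated range of 10.50.0.0/16, and that any attempt from that range toward 1.1.1.1 is worth triage.

```python
"""Added example: flag hosts in an assumed air-gapped segment that attempt
to reach 1.1.1.1. Not from the article or ESET; log format, addresses and
thresholds below are assumptions for illustration."""
import ipaddress
import re
from collections import defaultdict

# Assumed isolated (air-gapped) address range; adjust to the real segment.
ISOLATED_SEGMENT = ipaddress.ip_network("10.50.0.0/16")
# The probe destination named in the article (Cloudflare public DNS).
PROBE_TARGET = ipaddress.ip_address("1.1.1.1")
# Assumed threshold: this many attempts from one host is treated as persistent probing.
MIN_ATTEMPTS = 3

# Constructed sample log lines, not real telemetry. Assumed key=value syslog style.
SAMPLE_LOG = """\
2024-10-08T09:01:12Z fw01 src=10.50.3.17 dst=1.1.1.1 dport=53 proto=udp action=deny
2024-10-08T09:01:42Z fw01 src=10.50.3.17 dst=1.1.1.1 dport=53 proto=udp action=deny
2024-10-08T09:02:12Z fw01 src=10.50.3.17 dst=1.1.1.1 dport=53 proto=udp action=deny
2024-10-08T09:02:40Z fw01 src=10.50.3.17 dst=1.1.1.1 dport=443 proto=tcp action=deny
2024-10-08T09:03:05Z fw01 src=10.50.7.9 dst=10.50.7.1 dport=445 proto=tcp action=allow
2024-10-08T09:03:30Z fw01 src=192.168.1.20 dst=1.1.1.1 dport=53 proto=udp action=allow
2024-10-08T09:04:01Z fw01 src=10.50.9.2 dst=1.1.1.1 dport=53 proto=udp action=allow
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=\S+\s+action=(?P<action>\w+)"
)


def parse_line(line):
    """Return (src, dst, dport, action) for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (
        ipaddress.ip_address(m["src"]),
        ipaddress.ip_address(m["dst"]),
        int(m["dport"]),
        m["action"],
    )


def probe_attempts(log_text):
    """Per isolated-segment host, count attempts to reach 1.1.1.1 and how many were allowed.

    Hosts outside ISOLATED_SEGMENT are ignored: for them, 1.1.1.1 traffic is normal.
    """
    stats = defaultdict(lambda: {"attempts": 0, "allowed": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, _dport, action = parsed
        if src in ISOLATED_SEGMENT and dst == PROBE_TARGET:
            stats[str(src)]["attempts"] += 1
            if action == "allow":
                stats[str(src)]["allowed"] += 1
    return dict(stats)


def triage(log_text, min_attempts=MIN_ATTEMPTS):
    """Classify each isolated host that touched 1.1.1.1.

    'bridge'  : an attempt was allowed, so a path out of the air gap exists (highest priority).
    'probing' : repeated denied attempts, matching the persistent connectivity check.
    'single'  : one or two denied attempts; still unexpected on an isolated host.
    """
    verdicts = {}
    for host, s in probe_attempts(log_text).items():
        if s["allowed"] > 0:
            verdicts[host] = "bridge"
        elif s["attempts"] >= min_attempts:
            verdicts[host] = "probing"
        else:
            verdicts[host] = "single"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

An allowed connection from the isolated range is the finding to chase first, since it means the "air gap" has a path to the internet; repeated denials from one host are the next priority, because the article's description suggests the component keeps retrying rather than giving up after one failed check.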

"In the observed attacks, GoldenJackal started to use a highly modular approach, using various components to perform different tasks. Some hosts were abused to exfiltrate files, others were used as local servers to receive and distribute staged files or configuration files, and others were deemed interesting for file collection, for espionage purposes," said ESET researcher Matias Porolli. The findings are a reminder that air-gapped hosts, and the removable media that feed them, need the same inventory, monitoring and regular scanning as every other system in the organization.