Man
Professional
ESET uncovers a sophisticated scheme of attack on isolated systems.
Researchers from ESET have discovered a series of cyberattacks on the "air gap" systems of government organizations carried out by the GoldenJackal APT group. The espionage campaign was conducted from May 2022 to March 2024 using specialized tools to penetrate systems that are not connected to the Internet.
The GoldenJackal group has been operating since at least 2019. Among the hackers' early targets was a South Asian embassy in Belarus, where they first used their unique tools aimed at isolated systems. This campaign was one of the first documented examples of such attacks, and the tools themselves were publicly documented for the first time.
The main components of the tools used include:
- GoldenDealer is a program for transferring malicious files via USB drives;
- GoldenHowl is a modular backdoor with data collection and exfiltration functions;
- GoldenRobo is a tool for collecting and transferring files from infected systems.
In more recent attacks on European Union government organizations, GoldenJackal has refined its tools to make them modular. This made it possible to efficiently configure data collection and transmission, as well as manage configurations on infected systems.
The researchers noted that some of the infected systems were used to transfer files, while others served as local servers for receiving and distributing information. The targets of the attacks were systems holding confidential information, especially those that did not have access to the Internet.
One possible scenario for the GoldenJackal attack involves infecting a USB drive on an Internet-connected computer, after which an unaware employee connects it to an isolated system. Malware installed on the drive collects data from the isolated system and then returns it to the hackers when the drive is reconnected to an Internet-enabled system.
GoldenJackal focuses on government and diplomatic structures in Europe, South Asia and the Middle East. The group's attacks are aimed at stealing confidential information, mainly from highly secure machines.
Although ESET has linked the tools to GoldenJackal, the origin of the group itself remains unclear. The use of USB devices to penetrate isolated systems underscores the dangers of such attacks, which can bypass even the most stringent security measures.
This case of attacks on air-gapped systems demonstrates that even the most secure networks can be vulnerable to sophisticated penetration methods. The reliance on physical equipment such as USB devices and the subtlety of the attackers' approach underscore the importance of enhanced cybersecurity and staff awareness, as even the slightest mistake can result in a large-scale data breach.
Source