Kaspersky, a leading cybersecurity company, recently uncovered a new and elusive Advanced Persistent Threat (APT) group named GoldenJackal. Operating since 2019, this previously unknown group has primarily focused on targeting government and diplomatic entities in the Middle East and South Asia. Through their extensive investigation, Kaspersky has shed light on GoldenJackal’s capabilities, techniques, and motivations, revealing their primary objective of espionage.
Malicious Techniques and Toolset: GoldenJackal employs a range of malicious techniques to compromise their targets. They have been observed using fake Skype installers and malicious Word documents as initial attack vectors. The fake Skype installer, disguised as a legitimate standalone installer, contained the JackalControl Trojan. Another infection vector involved a malicious document that exploited the Follina vulnerability, using remote template injection to download a malicious HTML page.
The JackalControl Trojan is the group’s main malware, granting them remote control over compromised machines through predefined commands. GoldenJackal has released different variants of this trojan over the years, some designed for persistence while others operate without infecting the system. Other tools used by the group include JackalSteal, which monitors removable USB drives and remote shares, as well as JackalWorm, JackalPerInfo, and JackalScreenWatcher, which are deployed in specific cases to support espionage activities.
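The remote template injection described above leaves a trace a defender can check for before a document is opened: an Open XML relationship that points outside the package. The following added example (not Kaspersky's code, and not GoldenJackal tooling) scans the `.rels` parts of a `.docx` for external, non-hyperlink relationships such as a remote `attachedTemplate`; the sample document and the `example.invalid` URL are constructed here for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def external_relationships(docx_bytes):
    """Return (rels part, relationship type, target) for every relationship
    in an OOXML package that resolves outside the package and is not an
    ordinary hyperlink. A remote attachedTemplate is the classic sign of
    template injection; the type name is the last path segment of Type."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts are resolved inside the zip
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel_type == "hyperlink":
                    continue  # clickable links are external by design
                findings.append((name, rel_type, rel.get("Target", "")))
    return findings


def build_sample_docx(remote_template=None):
    """Constructed minimal .docx (not a real document); when remote_template
    is given, word/settings.xml is linked to that external template."""
    rels = ['<?xml version="1.0" encoding="UTF-8"?>',
            f'<Relationships xmlns="{RELS_NS}">']
    if remote_template:
        rels.append('<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
                    'officeDocument/2006/relationships/attachedTemplate" '
                    f'Target="{remote_template}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
    return buf.getvalue()


if __name__ == "__main__":
    for hit in external_relationships(build_sample_docx("http://example.invalid/t.dotm")):
        print("external relationship:", hit)
```

Any hit is a reason to quarantine the file for analysis; a clean result does not prove the document safe, since other lures (the fake installer above, macros, embedded objects) leave no such relationship.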
Significance and Recommendations: GoldenJackal’s ability to remain undetected since 2019 highlights the need for increased vigilance against advanced threats. Kaspersky advises implementing the following measures to mitigate the risk of falling victim to targeted attacks:
- Access to Threat Intelligence (TI): Provide your Security Operations Center (SOC) team with the latest threat intelligence using the Kaspersky Threat Intelligence Portal, which offers over 20 years of cyberattack data and insights.
- Cybersecurity Training: Enhance your cybersecurity team’s skills to effectively counter targeted threats. Kaspersky provides online training courses developed by their experts from the Global Research and Analysis Team (GReAT).
- Endpoint Detection and Response (EDR): Implement EDR solutions, such as Kaspersky Endpoint Detection and Response, to detect, investigate, and remediate incidents at the endpoint level.
- Network-Level Security: Employ a corporate-grade security solution like Kaspersky Anti Targeted Attack Platform to detect advanced threats at an early stage and protect your network.
- Security Awareness Training: Combat phishing and social engineering techniques by providing security awareness training to your team. Consider utilizing the Kaspersky Automated Security Awareness Platform for practical skills development.
30 May 2023