Kaspersky discovers GoldenJackal APT spies on gov’t organizations

Kaspersky, a cybersecurity solutions company, discovered that the elusive advanced persistent threat (APT) group GoldenJackal has been targeting government and diplomatic organizations in the Middle East and South Asia.

According to Kaspersky, GoldenJackal has been active since 2019 but has eluded detection by keeping a low profile and its existence secret. The APT group has been deploying Trojans using Word documents as well as Skype installers.

What sets GoldenJackal apart from other groups is that it uses a “specific toolset” to deploy malicious software and obtain information from its targets, which, based on the investigation, include the government of Pakistan. This toolset enables the actors to control victims’ devices remotely through a predefined set of supported commands.


The document “Gallery of Officers Who Have Received National and Foreign Awards.docx,” which at first glance looks like a legitimate circular, actually contains the JackalControl Trojan.

In a short time, the group has distributed different variants of this malware, some of which include code to maintain persistence while others were configured to run without infecting the system. Other Trojans are named JackalSteal, which uses USB drives to spread malware, while the others are called JackalWorm, JackalPerInfo, and JackalScreenWatcher.

“The machine usually gets infected by other components, such as a batch script,” Kaspersky said.

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years.
  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
  • For endpoint-level detection, investigation, and the timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
  • As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform.
