
Kaspersky Lab Uncovers Spy Jackal Targeting Government Agencies in the Middle East

By Esme Greene

Aug 8, 2023

Kaspersky Lab, a renowned cybersecurity firm, has recently uncovered the activities of a previously unknown Advanced Persistent Threat (APT) group known as GoldenJackal. Since 2019, this elusive group has been spying on government and diplomatic institutions in Asia and the Middle East. Taking great care to remain undetected, GoldenJackal meticulously selects its targets and keeps the volume of attacks to a minimum, reducing the risk of exposure. Kaspersky Lab has been monitoring and tracking GoldenJackal since 2020.

According to experts, GoldenJackal has demonstrated significant activity in countries such as Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey. Despite operating for several years, this cybercriminal group has managed to remain relatively unknown and undocumented in the public domain.

GoldenJackal: What Does It Utilize to Execute an Attack?

Kaspersky Lab’s investigation reveals that GoldenJackal relies on a collection of customizable .NET malware tools that serve various purposes. Their capabilities include credential and identity theft, malware downloads, lateral movement within the target network, file exfiltration, and more.

GoldenJackal has developed several proprietary tools for use in their operations, including:

  • JackalControl: This tool provides remote control over compromised computers. It receives commands from a command-and-control (C2) server, enabling the execution of arbitrary scripts, file exfiltration, or delivery of additional payloads.
  • JackalSteal: An implant designed to extract data from all logical drives, including remote shares and newly connected USB drives.
  • JackalWorm: This tool infects USB drives and spreads to other potentially valuable computers. Once on a new system, the worm erases its presence from the USB drive.
  • JackalPerInfo: A tool focused on stealing system information, including browsing history and credentials from web browsers, as well as extracting files from specific directories such as Desktop, Documents, Downloads, and AppData\Roaming\Microsoft\Windows\Recent.
  • JackalScreenWatcher: Used to capture screenshots on infected devices, which are then transmitted to the attacker’s server.

Based on their analysis, Kaspersky Lab’s experts concluded that GoldenJackal employs an extensive and customizable toolkit to carry out long-term espionage campaigns against a limited number of targets. The group’s meticulous approach highlights their dedication to conducting covert surveillance activities.
