ESET researchers uncovered a series of attacks by the cyberespionage group GoldenJackal against a European government organization, targeting air-gapped systems from May 2022 to March 2024. GoldenJackal, active since 2019, uses a custom toolset that includes implants such as JackalControl, JackalSteal, and JackalWorm. Its capabilities include file collection and exfiltration, and it targets high-profile, offline machines. The group's modular approach and resourcefulness are evident in its tools, such as GoldenDealer, which is used for USB monitoring and file delivery. The attacks highlight the challenges of breaching air-gapped systems, which are typically used for vital networks like power grids. GoldenJackal's tactics, techniques, and targets are detailed in this eye-opening blog post:
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/