GoldenJackal, a sophisticated nation-state hacking group possibly based in Russia, developed two separate toolsets over five years to steal sensitive data from air-gapped devices. The tools infected a South Asian embassy and a European Union government organization. Air-gapping isn't foolproof protection, but defeating it demands significant resources that are likely available only to nation-states. The evolution of GoldenJackal's toolsets shows growing sophistication: the latest toolkit is flexible and resilient, and it aims to stay undetected by offering multiple exfiltration mechanisms. The findings also suggest a possible tie to Turla, a Russian hacking group, and offer further insight into the tactics of nation-state cyber threats.
https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/