New Wave of Cyber-Attacks Targets Governments Worldwide

GoldenJackal's latest campaign exposes security risks even in highly secure systems. Experts warn of potential Russian connection.

A new wave of cyber-attacks has been detected, targeting isolated systems at governmental organisations across Europe, South Asia, and the Middle East. The attacks, which took place between May 2022 and March 2024, are believed to be the work of the advanced persistent threat (APT) group GoldenJackal.

The group, which has been active since at least 2019, primarily targets government and diplomatic entities. In a recent campaign, GoldenJackal upgraded its toolkit to a more modular design with enhanced network persistence and file management capabilities. The group's tools include GoldenDealer, GoldenHowl, and GoldenRobo, which are used for USB-based file transfer, data collection and exfiltration, and file gathering and exfiltration, respectively. The use of USB-based infiltration methods highlights the security risks posed by these attacks, even to highly secure systems.

Researchers at ESET discovered the campaign and traced GoldenJackal's activities back to at least 2019, when the group targeted a South Asian embassy in Belarus. While the group's origin remains unclear, some indicators suggest a possible Russian connection due to similarities with previously identified malware attributed to Russian-speaking groups.

The GoldenJackal APT group has been active since at least 2019, primarily targeting government and diplomatic entities in Europe, South Asia, and the Middle East. The group's use of USB-based infiltration methods and modular toolkits with enhanced capabilities poses significant security risks to isolated systems. While the group's origin remains unclear, some indicators suggest a possible Russian connection. Organizations are advised to remain vigilant and implement robust security measures to protect against such attacks.
