GoldenJackal

APT Group | Information theft and espionage | ETDA ✓

Also Known As

No alias recorded

Target Countries 8

Afghanistan, Azerbaijan, Belarus, Germany, Iraq, Islamic Republic of Iran, Pakistan, Turkey

Sectors Targeted

Government diplomatic entities

Details

Origin 🇷🇺 RU
Last Updated 08 Nov 2023

MITRE ATT&CK 71

T1003 - OS Credential Dumping
T1005 - Data from Local System
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1052 - Exfiltration Over Physical Medium
T1053 - Scheduled Task/Job
T1055
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001
T1072 - Software Deployment Tools
T1074 - Data Staged
T1078
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1091 - Replication Through Removable Media
T1092 - Communication Through Removable Media
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113
T1114 - Email Collection
T1115
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1127
T1132 - Data Encoding
T1135 - Network Share Discovery
T1140 - Deobfuscate/Decode Files or Information
T1176
T1185
T1204 - User Execution
T1210 - Exploitation of Remote Services
T1496
T1518 - Software Discovery
T1530 - Data from Cloud Storage Object
T1531
T1539
T1543 - Create or Modify System Process
T1547 - Boot or Logon Autostart Execution
T1552 - Unsecured Credentials
T1555
T1560 - Archive Collected Data
T1562
T1564 - Hide Artifacts
T1566 - Phishing
T1566.002
T1567 - Exfiltration Over Web Service
T1568
T1569 - System Services
T1572 - Protocol Tunneling
T1574
T1583 - Acquire Infrastructure
T1584 - Compromise Infrastructure
T1585 - Establish Accounts
T1587 - Develop Capabilities
T1588 - Obtain Capabilities

Related Zero-Days

No zero-day CVE linked to this actor