The evolution of the toolkit from 2019 and the one from three years later underscores a growing sophistication by GoldenJackal developers. The first generation provided a full suite of capabilities, including:
- GoldenDealer, a component that delivers malicious executables to air-gapped systems over USB drives
- GoldenHowl, a backdoor that contains various modules for a mix of malicious capabilities
- GoldenRobo, a file collector and exfiltrator
Within a couple of weeks of deploying the toolkit in 2019, ESET said, GoldenJackal started using other tools on the same compromised devices. The newer tools, which Kaspersky documented in its 2023 research, included:
- A backdoor tracked under the name JackalControl
- JackalSteal, a file collector and exfiltrator
- JackalWorm, used to propagate JackalControl and other malicious components over USB drives
GoldenJackal, ESET said, continued using these tools into January of this year. The basic flow of the attack is, first, infecting an Internet-connected system through a means ESET and Kaspersky have been unable to determine. Next, the infected computer infects any external drives that get inserted. When the infected drive is plugged into an air-gapped system, it collects and stores data of interest. Last, when the drive is inserted into the Internet-connected system, the data is transferred to an attacker-controlled server.
Building a better trap
In the 2022 attack on the European Union governmental organization, GoldenJackal began using a new custom toolkit. Written in multiple programming languages, including Go and Python, the newer version took a much more specialized approach. It assigned different tasks to different types of infected devices and marshaled a much larger array of modules, which could be mixed and matched based on the attacker's objectives for different infections.