GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments
2023-05-23 15:30

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal.

The campaign's targeting is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, with victims infected by tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance.

GoldenJackal is suspected to have been active for at least four years, although little is known about the group.

Kaspersky said it has been unable to determine its origin or affiliation with known threat actors, but the actor's modus operandi suggests an espionage motivation.

What's more, the threat actor's attempts to maintain a low profile and disappear into the shadows bear all the hallmarks of a state-sponsored group.

Another notable aspect of the threat actor is its reliance on hacked WordPress sites as a relay to forward web requests to the actual command-and-control server by means of a rogue PHP file injected into the websites.


News URL

https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html