
European govt air-gapped systems breached using custom malware


ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.

This blog post also features the first public description of a highly modular toolset that GoldenJackal deployed in Europe on various occasions between May 2022 and March 2024 against a European Union government organization. The campaign used three main components: GoldenDealer, which delivers executables to the air-gapped system by monitoring USB drives; GoldenHowl, a modular backdoor with various functionalities; and GoldenRobo, a file collector and exfiltrator.

Part of the information that the downloader thread sends to the C&C server consists of the following fields: iepk, a Boolean value indicating whether the GoldenDealer process is elevated; pclk, an array of running processes; pglk, an array of programs installed in both the Program Files and Program Files (x86) directories; pik, the user_id; sik, information about the operating system (version, build and service pack number; architecture; and Boolean values indicating whether the OS is running on a server, a domain controller, or a workstation); uck, the user running the GoldenDealer process; and ulk, an array of all users, each with a Boolean value indicating whether that user has administrator privileges.
