A new advanced persistent threat (APT) actor called GoldenJackal has been identified by Russian cybersecurity firm Kaspersky as targeting government and diplomatic entities in the Middle East and South Asia. The group has been characterized as both capable and stealthy, and has been active for at least four years, leading to suspicions that it is state-sponsored due to its attempts to remain undetected. The scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, with tailored malware being used to steal data, propagate across systems via removable drives, and conduct surveillance.
Evidence suggests that the initial path used to breach targeted computers is through trojanized Skype installers and malicious Microsoft Word documents. The installer is used to deliver a .NET-based trojan called JackalControl, while the Word files weaponize the Follina vulnerability (CVE-2022-30190) to drop the same malware. JackalSteal, JackalWorm, JackalPerInfo, and JackalScreenWatcher are also being used to collect data, spread the infection, and take screenshots.
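As an added defensive example (not from the article or from Kaspersky's research), the following Python script scans a .docx package for the two indicators most associated with Follina-style documents: an OLE object relationship whose target lies outside the package (TargetMode="External"), and any literal ms-msdt: handler reference. The sample archives, the relationship contents and the placeholder hostname are constructed for the demonstration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Relationship type for embedded/linked OLE objects and the package-relationships namespace.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Literal reference to the MSDT protocol handler abused by CVE-2022-30190.
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list[str]:
    """Return human-readable findings for one .docx (zip) blob; empty list means clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            content = zf.read(name)
            if MSDT_RE.search(content):
                findings.append(f"{name}: contains ms-msdt: protocol handler reference")
            if not name.endswith(".rels"):
                continue  # only relationship parts carry OLE link targets
            try:
                root = ET.fromstring(content)
            except ET.ParseError:
                findings.append(f"{name}: unparseable relationships part")
                continue
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External":
                    findings.append(f"{name}: external OLE object link -> {rel.get('Target')}")
    return findings


def build_docx(rels_xml: str) -> bytes:
    """Constructed minimal .docx-like archive used only to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


RELS_HEAD = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
STYLES_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
# Constructed benign sample: the only relationship points at an internal styles part.
BENIGN = build_docx(RELS_HEAD + f'<Relationship Id="rId1" Type="{STYLES_TYPE}" Target="styles.xml"/></Relationships>')
# Constructed suspicious sample: an OLE object relationship to an external placeholder host.
SUSPICIOUS = build_docx(RELS_HEAD + f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" '
                        'Target="http://example.invalid/page.html" TargetMode="External"/></Relationships>')

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_docx(blob) or "no findings")
```

The check is a heuristic: an external OLE link is unusual in ordinary documents but is not proof of exploitation, so treat a hit as a reason to detonate the file in a sandbox rather than as a verdict.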
Kaspersky researchers have observed the group using hacked WordPress sites as a relay to forward web requests to the actual command-and-control (C2) server by means of a rogue PHP file injected into the websites, likely to reduce visibility and limit the number of victims. The continuing development of the actor’s toolkit indicates that they are still investing in it.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.