<— Back

GoldenJackal Chronicles: Delving into Enigmas and Unanswered Questions

“GoldenJackal” is a relatively new APT group that we discovered in mid-2020 and publicly documented in 2023. Since 2019, this group has conducted several APT attacks targeting governmental and diplomatic entities in the Middle East and South Asia.

Over the past years, we have closely monitored the group and collected information about their Tactics, Techniques, and Procedures (TTPs). We’ve observed a consistent level of activity, which characterizes the group as a proficient and stealthy actor gradually expanding its operations. The hallmark of this group lies in its distinct set of .NET malware tools: JackalControl, JackalWorm, JackalSteal, JackalPerInfo, and JackalScreenWatcher. These tools serve various purposes, including:

• Controlling victim machines
• Propagating across systems via removable drives
• Exfiltrating specific files from infected systems
• Stealing credentials
• Gathering information about local systems
• Collecting data on users’ web activities
• Capturing desktop screenshots

Based on their toolset and behavioral patterns, we believe the primary motivation of the actor is espionage. In the upcoming speech, I will cover the group’s most relevant facets, provide an overview of their toolset, explore their targeting strategies, and how they move laterally inside the targeted network. Additionally, I will highlight the unresolved aspects to inspire fellow researchers to shed light on these areas and aid in enhancing the community’s understanding of this cyber threat.