reports that a few government and diplomatic organizations in Turkey, Iran, Iraq, Azerbaijan, Pakistan, and Afghanistan have been subjected to cyberespionage attacks by the GoldenJackal advanced persistent threat operation.
GoldenJackal has been leveraging a malicious Word file and a phony Skype installer to facilitate the distribution of several malware strains, namely JackalControl, JackalPerInfo, JackalSteal, JackalScreenWatcher, and JackalWorm, a report from Kaspersky showed.
The JackalControl trojan enables remote device control for arbitrary code execution and has various means of achieving persistence, while JackalPerInfo facilitates system data gathering and file exfiltration activities.
GoldenJackal has been using JackalSteal to determine files that could be exfiltrated to its command-and-control server, while JackalScreenWatcher and JackalWorm have been used to allow screenshot capturing and enable further malware infections, respectively.
GoldenJackal was found to have slight similarities in tactics, techniques, and procedures with the Turla group, including in the groups' similar targets and utilization of compromised WordPress sites and .NET tools, but the connection has been inconclusive, said researchers.