European government systems hit by air-gap malware attack
Date:
Wed, 09 Oct 2024 14:29:00 +0000
Description:
State-sponsored group was seen targeting air-gapped endpoints belonging to EU governments.
FULL STORY ======================================================================
Hackers have managed to steal sensitive information from air-gapped systems belonging to different European governments on at least three separate occasions, experts have warned.
A new report from ESET explained how the threat actor, called GoldenJackal, is a sophisticated cyber-espionage group that has targeted governments in South Asia and Europe over the last five years.
Air-gapped systems appear to be its particular specialty, and it reaches them with USB drives. GoldenJackal's affiliation remains unclear, but it is suspected to be a state-sponsored group, potentially from Eastern Europe or Asia. An air-gapped system is a computer or network that is physically isolated from unsecured networks, such as the internet, to prevent unauthorized access and enhance security. Still, crooks managed to steal data from these endpoints by means of self-propagating malware.
As per BleepingComputer, GoldenJackal was so far observed targeting an embassy of a South Asian country in Belarus on two occasions - once in September 2019, and once in July 2021. It was also seen going after a European government organization between May 2022 and March 2024.
The attack starts with a USB drive infected with a piece of malware. It is notable that the group built multiple variants for different victims, which, for ESET's experts, is a testament to the group's resourcefulness. In some instances, it used malware called GoldenDealer, and in others, GoldenAce.
This malware is tasked with copying itself, together with other malware, onto air-gapped devices as soon as the USB drive is plugged in. The other malware includes a backdoor called GoldenHowl and an infostealer called GoldenRobo (or GoldenUsbCopy and GoldenUsbGo, respectively). The latter's task is to copy documents, images, encryption keys, OpenVPN configuration files, and other important data into a hidden directory on the USB drive.
Then, when the USB drive is reconnected to an internet-enabled device, the malware sends everything it stole to the C2 server.
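As an added defensive illustration (not from the article or from ESET's report), the Python check below audits a removable volume for the staging pattern described above: documents, images, key material and OpenVPN configurations collected into a hidden directory on the drive. The file extensions, the hidden directory name and the sample files are assumptions and constructed test data, not indicators from the report.

```python
# Added defensive example, not code from the article or the ESET report.
# Walk a removable drive and flag sensitive-looking files that sit under a
# hidden directory, the staging layout the stealer described above uses.
import os
import stat
import tempfile
from pathlib import Path

# Categories the article names (documents, images, keys, OpenVPN configs);
# the concrete extensions are assumptions, not indicators from the report.
SENSITIVE_SUFFIXES = {
    ".docx", ".pdf", ".xlsx", ".jpg", ".png", ".ovpn", ".pem", ".key", ".ppk",
}


def is_hidden(path: Path) -> bool:
    """Hidden by a Unix dot-prefix or by the Windows FILE_ATTRIBUTE_HIDDEN bit."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)  # Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_staged_files(drive_root: str) -> list[str]:
    """Return sorted paths of sensitive files located under any hidden directory."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(drive_root):
        parts = Path(dirpath).relative_to(drive_root).parts
        # A file counts as staged if any ancestor below the drive root is hidden.
        under_hidden = any(
            is_hidden(Path(drive_root, *parts[: i + 1])) for i in range(len(parts))
        )
        if not under_hidden:
            continue
        for name in filenames:
            if Path(name).suffix.lower() in SENSITIVE_SUFFIXES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_drive() -> str:
    """Construct a fake removable volume: one normal file plus a hidden staging dir."""
    root = tempfile.mkdtemp(prefix="usb_")
    (Path(root) / "report.docx").write_bytes(b"legit user file")
    staging = Path(root) / ".sys" / "cache"   # constructed hidden staging path
    staging.mkdir(parents=True)
    for name in ("budget.xlsx", "client.ovpn", "id_rsa.key", "photo.jpg", "readme.txt"):
        (staging / name).write_bytes(b"x")
    return root


if __name__ == "__main__":
    for hit in find_staged_files(build_sample_drive()):
        print("staged for exfiltration:", hit)
```

On a real drive, point find_staged_files at the mount point; the report.docx at the top level is deliberately not flagged, since only files under a hidden directory match the staging pattern.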
======================================================================
Link to news story:
https://www.techradar.com/pro/security/european-government-systems-hit-by-air-gap-malware-attack
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)