A smaller threat actor known as GoldenJackal has been connected to a recent series of cyberattacks against embassies and governmental organizations. The attacks are attempting to infiltrate air-gapped systems. Researchers believe that GoldenJackal is trying to steal confidential information from computers not connected to the internet. GoldenJackal was first identified in May 2023, and may have originated in 2019 or earlier. So far, the bad actor has attacked a South Asian embassy in Belarus and a European Union government organization. In its attacks, GoldenJackal commonly uses a worm called JackalWorm that can infect connected USB drives. JackalWorm then delivers a trojan named JackalControl. Not much is known about how GoldenJackal gains access to its target environments, but the threat actor has shown a high level of sophistication for being such a small group.



