A strange hacking group has 2 new tools to steal data from encrypted devices

The newly discovered tool is made up of many different building blocks, written in many languages and capabilities. The overall goal seems to increase with intensity in the event of a single module receiving the target.

“Their goal is to find it difficult to get data from aircraft systems and stay under the radar as much as possible,” Costin Raiu, who worked at Kaspersky at the time it researched GoldenJackal, wrote in an interview. “Multiple exfiltration methods show a very flexible toolkit that can accommodate all kinds of situations. These many tools show that they are a very customized framework where they tailor exactly what they need compared to multi-purpose malware that can do anything.”

Another new insight provided by the ESET study is GoldenJackal’s interest in Rigns located in Europe. Kaspersky investigators discovered a group targeting countries in the Middle East.

Based on the information available to Kaspersky, the company’s researchers could not attribute GoldenJackal to any specific country. ESET also failed to identify a country, but found that the threat group could be traced to Turla, a sophisticated hacking group operating on behalf of the FSB intelligence agency. The tie comes in the form of a command-and-control protocol in GoldenHowl referred to as Transport_HTTP. The same expression is found in malware known to come from Turla.

Raiu said the high-level approach is reminiscent of Red October, a broad intelligence platform found in 2013 to target hundreds of thousands of nations, governments, and scientific organizations in at least 39 countries, including the Russian Federation, Iran and the United States.

While Tuesday’s report contains technical material that may be too advanced for most people to understand, it provides important new information for understanding the malware and the tactics, techniques, and procedures of those who use it. This report will be useful to people who are responsible for protecting the types of organizations that are often referred to groups in the province.

“I can say that this is very interesting for the safety of people working in embassies and government agencies,” said Raiu. “They need to check these TTPs and look at them in the future. If you were after the victim of Turla or Red October I would pay attention to this.”

This story originally appeared on Ars Technica.

