Researchers from security firm ESET have discovered two sophisticated toolsets used by a nation-state hacking group, possibly from Russia, to steal data from air-gapped devices. The first toolset was created in 2019 and targeted a South Asian embassy in Belarus, while a second toolkit infected a European Union government organization three years later.
The toolkits share identical components with those of another group, GoldenJackal, which Kaspersky tracks as an unidentified nation-state actor. Based on the overlap, ESET concludes that the same group is behind both attacks. The discovery highlights the limitations of air-gapping, which is typically used for sensitive networks and devices, including those in industrial control, manufacturing, and power generation.
The use of air-gapped systems does not provide foolproof protection against espionage hacking, as evidenced by past cases. However, it forces threat groups to expend significant resources that are likely obtainable only by nation-states with superior technical capabilities and unlimited budgets. The discovery puts GoldenJackal in an exclusive collection of threat groups known for their sophisticated tactics.
According to ESET researcher Matías Porolli, the group's ability to build and deploy two separate toolsets designed to compromise air-gapped systems in just five years is "quite unusual" and reflects its resourcefulness and sophistication.
Source: https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/