GOLD BARONDALE
Objectives
Tools
SUMMARY
GOLD BARONDALE is a financially motivated cybercriminal threat group active since at least 2022. The group establishes initial access to victim networks via opportunistic scanning and exploitation of known vulnerabilities in internet-facing servers. CTU researchers observed multiple incidents where GOLD BARONDALE deployed a custom PowerShell remote access trojan (RAT), HTA Shell and a HTran variant for command and control.
CTU researchers assess with moderate confidence that GOLD BARONDALE is based in China due to the group’s use of tactics, techniques, and procedures (TTPs) that have been developed by China-based researchers and scripts containing Chinese-language comments.
Contactez-nous
Que votre organisation ait besoin d’une assistance immédiate ou que vous souhaitiez discuter de vos besoins en matière de préparation aux incidents, de réponse et de test, contactez-nous directement ci-dessous.