GOLD BARONDALE
Objectives
Tools
SUMMARY
GOLD BARONDALE is a financially motivated cybercriminal threat group active since at least 2022. The group establishes initial access to victim networks via opportunistic scanning and exploitation of known vulnerabilities in internet-facing servers. CTU researchers observed multiple incidents where GOLD BARONDALE deployed a custom PowerShell remote access trojan (RAT), HTA Shell and a HTran variant for command and control.
CTU researchers assess with moderate confidence that GOLD BARONDALE is based in China due to the group’s use of tactics, techniques, and procedures (TTPs) that have been developed by China-based researchers and scripts containing Chinese-language comments.
Contact Us
Contact us directly whether your organization needs immediate assistance or you want to discuss your incident readiness, response, and testing needs.