Security News > 2022 > July > Hackers Target Ukrainian Software Company Using GoMet Backdoor

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "Uncommon" piece of malware, new research has found.

The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network.

"This access could be leveraged in a variety of ways including deeper access or to launch additional attacks, including the potential for software supply chain compromise," Cisco Talos said in a report shared with The Hacker News.

Public reporting into the use of GoMet in real-world attacks has so far uncovered only two documented cases to date: one in 2020, coinciding with the disclosure of CVE-2020-5902, a critical remote code execution flaw in F5's BIG-IP networking devices.

GoMet, as the name implies, is written in Go and comes with features that allow the attacker to remotely commandeer the compromised system, including uploading and downloading files, running arbitrary commands, and using the initial foothold to propagate to other networks and systems via what's called a daisy chain.

While the original code is configured to execute cron jobs once every hour, the modified version of the backdoor used in the attack is built to run every two seconds and ascertain if the malware is connected to a command-and-control server.

News URL

https://thehackernews.com/2022/07/hackers-target-ukrainian-software.html