Security News > 2024 > May > Kimsuky hackers deploy new Linux backdoor in attacks on South Korea

The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
In early February 2024, researchers at the SW2 threat intelligence company reported about a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect South Korean targets with Troll Stealer and the Go-based Windows malware GoBear.
Analysts at Symantec, a Broadcom company, looking into the same campaign that targeted South Korean government organizations, discovered a new malicious tool that appears to be a Linux variant of the GoBear backdoor.
NSA warns of North Korean hackers exploiting weak DMARC email policies.
Iranian hackers pose as journalists to push backdoor malware.
DPRK hacking groups breach South Korean defense contractors.
News URL
Related news
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- South Korea Suspends DeepSeek AI Downloads Over Privacy Violations (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)