Security News > 2024 > May > Kimsuky hackers deploy new Linux backdoor in attacks on South Korea
The North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
In early February 2024, researchers at the SW2 threat intelligence company reported about a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect South Korean targets with Troll Stealer and the Go-based Windows malware GoBear.
Analysts at Symantec, a Broadcom company, looking into the same campaign that targeted South Korean government organizations, discovered a new malicious tool that appears to be a Linux variant of the GoBear backdoor.
NSA warns of North Korean hackers exploiting weak DMARC email policies.
Iranian hackers pose as journalists to push backdoor malware.
DPRK hacking groups breach South Korean defense contractors.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)