Security News > 2024 > May > Kimsuky hackers deploy new Linux backdoor via trojanized installers

Kimsuky hackers deploy new Linux backdoor via trojanized installers
2024-05-16 13:28

The North Korean hacker group Kimsuki has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea.

In early February 2024, researchers at the SW2 threat intelligence company reported about a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect targets with the Troll Stealer variant of the Go-based Windows malware GoBear.

Analysts at Symantec, a Broadcom company, looking into the same campaign that targeted South Korean government organizations, discovered a new malicious tool that appears to be a Linux variant of the GoBear backdoor.

Gomir supports the following 17 operations, triggered when the corresponding command is received from the C2 via HTTP POST requests.

NSA warns of North Korean hackers exploiting weak DMARC email policies.

Iranian hackers pose as journalists to push backdoor malware.


News URL

https://www.bleepingcomputer.com/news/security/kimsuky-hackers-deploy-new-linux-backdoor-via-trojanized-installers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 374 2505 1534 665 5078