Security News > 2024 > May > Kimsuky hackers deploy new Linux backdoor via trojanized installers
The North Korean hacker group Kimsuki has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea.
In early February 2024, researchers at the SW2 threat intelligence company reported about a campaign where Kimsuky used trojanized versions of various software solutions, e.g. TrustPKI and NX PRNMAN from SGA Solutions, Wizvera VeraPort, to infect targets with the Troll Stealer variant of the Go-based Windows malware GoBear.
Analysts at Symantec, a Broadcom company, looking into the same campaign that targeted South Korean government organizations, discovered a new malicious tool that appears to be a Linux variant of the GoBear backdoor.
Gomir supports the following 17 operations, triggered when the corresponding command is received from the C2 via HTTP POST requests.
NSA warns of North Korean hackers exploiting weak DMARC email policies.
Iranian hackers pose as journalists to push backdoor malware.
News URL
Related news
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- Iranian hackers pose as journalists to push backdoor malware (source)
- Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks (source)
- Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (source)
- UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs (source)