Kimsuky hackers deploy new Linux backdoor via trojanized installers
2024-05-16 13:28

The North Korean hacker group Kimsuky has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea.

In early February 2024, researchers at the threat intelligence company S2W reported on a campaign in which Kimsuky used trojanized versions of various software solutions (e.g. TrustPKI and NX PRNMAN from SGA Solutions, and Wizvera VeraPort) to infect targets with the Troll Stealer variant of the Go-based Windows malware GoBear.

Analysts at Symantec, a Broadcom company, looking into the same campaign that targeted South Korean government organizations, discovered a new malicious tool that appears to be a Linux variant of the GoBear backdoor.

Gomir supports the following 17 operations, triggered when the corresponding command is received from the C2 via HTTP POST requests.



News URL

https://www.bleepingcomputer.com/news/security/kimsuky-hackers-deploy-new-linux-backdoor-via-trojanized-installers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232