Security News > 2024 > May > Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
2024-05-17 08:46
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
News URL
https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- New Auto-Color Linux backdoor targets North American govts, universities (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- New npm attack poisons local packages with backdoors (source)
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations (source)