Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
2024-05-17 08:46
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
News URL
https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
Related news
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
- Windows infected with backdoored Linux VMs in new phishing attacks
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems
- Researchers unearth two previously unknown Linux backdoors
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified