Security News > 2024 > May > Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
2024-05-17 08:46
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
News URL
https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
Related news
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Hackers now testing ClickFix attacks against Linux targets (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Nation-state APTs ramp up attacks on Ukraine and the EU (source)