Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

As part of a campaign targeting South Korean organizations, the Kimsuky (also known as Springtail) advanced persistent threat (APT) group, associated with North Korea’s Reconnaissance General Bureau (RGB), has been seen spreading a Linux variant of its GoBear backdoor.

The Gomir backdoor shares a lot of code with other malware variants and is structurally nearly identical to GoBear, according to a recent analysis from the Broadcom-owned Symantec Threat Hunter Team. Any operating system-specific functionality from GoBear has either been removed or reimplemented in Gomir.

Early in February 2024, GoBear was discovered by the South Korean security company S2W in relation to a campaign that distributed malware known as Troll Stealer (also known as TrollAgent), which overlaps with families of known Kimsuky malware like AppleSeed and AlphaSeed.
