Kimsuky APT drops Linux backdoor Gomir in Korean cyber attacks

May 17, 2024

TLDR:

  • The Kimsuky APT group, linked to North Korea’s Reconnaissance General Bureau, has been observed deploying a Linux backdoor codenamed Gomir in cyber attacks targeting South Korean organizations.
  • Gomir is structurally almost identical to the GoBear backdoor, with extensive code sharing between the variants.

In a recent report, the Symantec Threat Hunter Team identified the Kimsuky APT group, also known as Springtail and linked to North Korea’s Reconnaissance General Bureau, deploying Gomir, a Linux version of the GoBear backdoor, in cyber attacks targeting South Korean organizations. The malware is structurally almost identical to GoBear, with extensive code sharing between the variants.

GoBear, originally documented by South Korean security firm S2W, was part of a campaign that also included the delivery of Troll Stealer malware. This campaign involved distributing malware through trojanized security programs downloaded from South Korean websites. Gomir, the Linux counterpart of GoBear, supports various commands, allowing operators to execute remote commands, run shell commands, and more.

The malware is distributed through fake installers as well as through droppers disguised as installers for Korean apps. Symantec reported that software installation packages and updates are now popular infection vectors for North Korean espionage actors, with the software chosen carefully to maximize the chances of infecting South Korean targets.
