Kimsuky Expands Its Arsenal with New Backdoor

Summary:

The North Korean hacker group Kimsuky has been deploying a new Linux malware named Gomir, which is a variant of the GoBear backdoor, in their recent campaign targeting government organizations in South Korea. Gomir is nearly identical in structure to GoBear, with significant code sharing between the two malware. It is delivered via trojanized software installers, highlighting the persistent threat from Kimsuky to South Korean entities.

Threat Level – Amber | Attack Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.