Kimsuky Expands Its Arsenal with New Backdoor

Threat Level – Amber | Vulnerability Report
Download PDF

The North Korean hacker group Kimsuky has been deploying a new Linux malware named Gomir, which is a variant of the GoBear backdoor, in their recent campaign targeting government organizations in South Korea. Gomir is nearly identical in structure to GoBear, with significant code sharing between the two malware. It is delivered via trojanized software installers, highlighting the persistent threat from Kimsuky to South Korean entities.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox