Subj : North Korean hackers have some devious new Linux backdoor attacks
To   : All
From : TechnologyDaily
Date : Fri May 17 2024 16:45:06

North Korean hackers have some devious new Linux backdoor attacks to target victims

Date: Fri, 17 May 2024 15:40:55 +0000

Description: Researchers find Gomir to be a copy of GoBear, an earlier Windows-based backdoor.

FULL STORY
======================================================================

Kimsuky, an infamous North Korean state-sponsored threat actor, has been using a brand new backdoor to target victims' Linux devices.

Cybersecurity researchers at Symantec, who call the backdoor Gomir, claim the new threat is basically a fork of the GoBear backdoor. Among the similarities between Gomir and GoBear are direct C2 communication, persistence methods, and different capabilities, such as pausing communications with C2, running arbitrary shell commands, changing the working directory, probing network endpoints, reporting system configuration details, starting a reverse proxy for remote connections, creating arbitrary files on the system, exfiltrating files from the system, and more.

North Korean cyber-espionage

All of these are almost identical to what GoBear does on a Windows machine, Symantec said.

Being a state-sponsored group, Kimsuky usually targets high-value organizations, in both private and public sectors, abroad (mostly South Korea). In many previous instances, Kimsuky was spotted engaging in supply chain attacks, compromising legitimate software which is later used by target organizations, which was most likely the case here, as well.

Kimsuky is also known as Thallium or Velvet Chollima. The group has been active since at least 2012 and, besides South Korea, is known for targeting entities in the United States, Japan, and other countries. Their primary focus is on intelligence gathering and cyber espionage rather than financial gain.
The group usually engages in spear phishing and social engineering to deploy infostealing malware to their victims. Some of the biggest campaigns and incidents include the 2013 Operation Kimsuky (targeting South Korean think tanks and universities), Covid-19-related attacks from 2020 (targeting organizations engaged in developing the vaccine), and energy sector attacks in 2021.

Since phishing is Kimsuky's number one compromise method, the best way to defend against the group is to educate and train employees on how to spot and respond to phishing emails.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/north-korean-hackers-have-some-deious-new-linux-backdoor-attacks-to-target-victims

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)