Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

North Korean hackers have some deious new Linux backdoor attacks to target victims

North Korea Symantec
North Korea.

Kimsuky, an infamous North Korean state-sponsored threat actor, has been using a brand new backdoor to target victims’ Linux devices

Cybersecurity researchers Symantec, who call the backdoor Gomir, are claiming the new threat is basically a fork of the GoBear backdoor. 

Among the similarities between Gomir and GoBear are direct C2 communication, persistence methods, and different capabilities, such as pausing communications with C2, running arbitrary shell commands, changing the working directory, probing network endpoints, reporting system configuration details, starting a reverse proxy for remote connections, creating arbitrary files on the system, exfiltrating files from the system, and more. 

North Korean cyber-espionage

All of these are “almost identical” to what GoBear does on a Windows machine, Symantec said.

Being a state-sponsored group, Kimsuky usually targets high-value organizations, in both private and public sectors, abroad (mostly South Korea). In many previous instances, Kimsuky was spotted engaging in supply chain attacks, compromising legitimate software which is later used by target organizations, which was most likely the case here, as well.

Kimsuky is also known as Thallium or Velvet Chollima. The group has been active since at least 2012 and, besides South Korea, is known for targeting entities in the United States, Japan, and other countries. Their primary focus is on intelligence gathering and cyber espionage rather than financial gain.

The group usually engages in spear phishing and social engineering to deploy infostealing malware to their victims. Some of the biggest campaigns and incidents include the 2013 Operation Kimsuky (targeting South Korean think tanks and universities), Covid-19-related attacks from 2020 (targeting organizations engaged in developing the vaccine), and energy sector attacks in 2021. 

Since phishing is Kimsuky’s number one compromise method, the best way to defend against the group is to educate and train employees on how to spot and respond to phishing emails.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
No dating apps, no dates, no exes, no hookups: what’s driving the ‘boy sober’ trend?
Women continue to bear the brunt of online harassment and abuse. A reckoning is overdue
The Guardian - AU
The Guardian - AU
I now have a personal sleep coach, and you can have one too
Sleep tracking, sound aids, and sleep articles all combine to provide the tools required to improve your sleep
TechRadar
TechRadar
David Duchovny Says He Would Have "Loved to Have Done More" on 'Sex and the City'
The actor appeared in one episode of the hit HBO show during Season 6.
Marie Claire
Marie Claire
Netflix top 10 movies — here’s the 3 worth watching right now
The Netflix top 10 is a constantly rotating list of the most popular films on the service. Here are the best three to stream now.
Tom’s Guide
Tom’s Guide
Meet the 59-year-old Barbie ‘dealer’ whose hustle has netted $2 million in sales
Bruce Zalkin has 35 years in the trade and sold one couple's collection for $250,000.
Fortune
Fortune
Low waste meet high-end sushi in Chicago
The Omakase Room is found nestled deep within its 110-seater sister restaurant Sushi-San
Salon
Salon
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play