May 16, 2024 at 10:16AM
Kimsuky, a North Korean hacker group linked to the Reconnaissance General Bureau, has been using trojanized software packages to deliver Gomir, a Linux backdoor. Gomir shares much of its code with the GoBear backdoor and lets the operator carry out a range of actions on the infected host, indicating a sophisticated espionage campaign against South Korean targets. Symantec provided indicators of compromise in its report.
Key takeaways from the report include:
1. The North Korean hacker group Kimsuky has been using trojanized software packages to deliver a new Linux malware called Gomir, which is a Linux variant of the GoBear backdoor.
2. Kimsuky is a state-sponsored threat actor linked to North Korea’s military intelligence, the Reconnaissance General Bureau (RGB).
3. The Gomir backdoor shares many similarities with GoBear and supports various operations triggered by corresponding commands received from the command and control server.
4. This campaign appears to represent a supply-chain attack, with trojanized software installers specifically targeting South Korean-based targets.