May 16, 2024 at 10:16AM Kimsuky, a North Korean hacker group, has been using trojanized software packages to deliver Gomir, a Linux malware, linked to the Reconnaissance General Bureau. The malware shares similarities with GoBear and allows various operations on the infected system, indicating a sophisticated espionage attack method against South Korean targets.Symantec provided indicators … Read more
May 16, 2024 at 09:35AM North Korean hacker group Kimsuki, linked to military intelligence, used trojanized software packages to deliver Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, exhibits persistent behaviors on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain … Read more
December 20, 2023 at 12:33PM Iran-backed cyberespionage group, Seedworm, is targeting telecommunication organizations in North and East Africa, using tools like PowerShell, SimpleHelp, and Venom Proxy. Seedworm has been active since 2017 and previously linked to Iran’s MOIS. This group typically relies on spear-phishing emails containing various legitimate remote administration tools. Seedworm’s targets include government … Read more