Kimsuky hackers deploy new Linux backdoor in attacks on South Korea

May 16, 2024 at 10:16AM Kimsuky, a North Korean hacker group, has been using trojanized software packages to deliver Gomir, a Linux malware, linked to the Reconnaissance General Bureau. The malware shares similarities with GoBear and allows various operations on the infected system, indicating a sophisticated espionage attack method against South Korean targets. Symantec provided indicators …

Kimsuky hackers deploy new Linux backdoor via trojanized installers

May 16, 2024 at 09:35AM North Korean hacker group Kimsuky, linked to military intelligence, used trojanized software packages to deliver the Linux malware Gomir in cyberespionage campaigns against South Korean targets. The malware, a variant of GoBear, exhibits persistent behaviors on Linux machines and supports 17 operations through HTTP POST requests. It’s part of a supply-chain …

Iranian ‘Seedworm’ Cyber Spies Target African Telcos & ISPs

December 20, 2023 at 12:33PM The Iran-backed cyberespionage group Seedworm is targeting telecommunication organizations in North and East Africa, using tools like PowerShell, SimpleHelp, and Venom Proxy. Seedworm has been active since 2017 and was previously linked to Iran’s MOIS. This group typically relies on spear-phishing emails containing various legitimate remote administration tools. Seedworm’s targets include government …