Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
17 May 2024
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.
The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between