North Korean hackers have developed cunning new backdoor attacks using Linux to target unsuspecting victims.

Share it

North Korean Hackers Utilize Linux Backdoor Attacks

In a recent development, cybersecurity researchers have identified a new backdoor attack method being employed by Kimsuky, a well-known North Korean state-sponsored threat actor. This backdoor, named Gomir, is considered a variant of the existing GoBear backdoor. Symantec, the researchers behind the discovery, note that Gomir shares similarities with GoBear in terms of direct C2 communication, persistence mechanisms, and a variety of capabilities that allow attackers to carry out malicious activities.

Understanding North Korean Cyber-espionage

The activities of Kimsuky, also known as Thallium or Velvet Chollima, primarily focus on cyber espionage and intelligence gathering rather than financial motives. The group targets high-value organizations in sectors such as public and private entities, particularly in South Korea and other countries like the United States and Japan. Kimsuky has a history of conducting supply chain attacks by compromising legitimate software to infiltrate target organizations, a strategy that was likely utilized in this instance as well.

Since its inception in 2012, Kimsuky has engaged in various notorious campaigns, such as Operation Kimsuky targeting South Korean think tanks and universities in 2013, Covid-19-related attacks in 2020 aimed at organizations involved in vaccine development, and attacks on the energy sector in 2021. The group frequently employs spear phishing and social engineering tactics to distribute infostealing malware to their victims.

Given that phishing is a key method of compromise for Kimsuky, educating and training employees on how to detect and respond to phishing emails is crucial in mitigating the threat posed by the group.

Conclusion

The emergence of Gomir as a new backdoor attack tool used by North Korean hackers underscores the evolving nature of cybersecurity threats. Organizations and individuals need to remain vigilant and implement robust security measures to safeguard against such sophisticated cyber-attacks.