The North Korean hacking group Kimsuky distributed Linux.Gomir, a Linux backdoor, as a software update targeting South Korean victims. The backdoor is similar to GoBear, a Windows-based backdoor used by Kimsuky. The group is known for using aggressive social engineering tactics to gather intelligence related to Korean peninsular politics and to spy on think tanks and governments.

Kimsuky distributed a Linux backdoor in a campaign against South Korean targets

The software packaged as an update was carefully chosen to increase the chances of infection, reflecting a trend in which Trojanized software packages are a preferred method for North Korean espionage. Separately, a financially motivated threat group, Storm-1811, is using voice-phishing calls impersonating IT support to install Qakbot malware, Cobalt Strike, and Black Basta ransomware. Additionally, several major breaches were reported: unauthorized access to an internal Santander Bank database impacting millions; Turla hackers spying on European missions with the LunarWeb and LunarMail backdoors; Sumo, an Australian utility, revealing a data breach affecting over 40,000 customers; and Christie's auction house being targeted by cyber attackers.
https://www.bankinfosecurity.com/breach-roundup-kimsuky-serves-linux-trojan-a-25246