Kimsuky’s New Golang Stealer ‘Troll’ and ‘GoBear’ Backdoor Target South Korea

The North Korean state-sponsored cyberespionage group known as Kimsuky has reportedly been targeting South Korea using a yet undocumented Golang-based stealer, dubbed ‘Troll Stealer’. This malware has the capability to exfiltrate “SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures” from affected systems, as revealed by the South Korean cybersecurity firm S2W in their technical report. The introduction of the ‘Troll Stealer’ illustrates Kimsuky’s continued activities and advancement in strategies, further highlighting the necessity for heightened cybersecurity measures specifically for companies in sensitive sectors. The specific companies targeted have not been disclosed in the report.

Published: Thu, 08 Feb 2024 12:23:00 +0530