Springtail: New Linux Backdoor Added to Toolkit
released on 2024-05-16 @ 04:46:13 PM
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage group and linked to malware employed in a recent campaign targeting organizations in South Korea. The backdoor shares extensive code similarities with the Windows-based GoBear backdoor, also used by Springtail. The campaign involved delivering malware through Trojanized software installation packages, a tactic increasingly favored by North Korean threat actors.