GoMet Backdoor Used By Hackers To Target A Ukrainian Software Company

According to a fresh study, an “uncommon” piece of malware was used to attack a significant software development business whose software is utilized by many governmental bodies in Ukraine.

The virus, which was discovered for the first time on May 19, 2022, is a specialized version of the GoMet open-source backdoor and is intended to keep permanent access to the network.

According to Cisco Talos, this access might be used to launch subsequent attacks, get deeper access, or corrupt the software supply chain, among other things.

The cybersecurity company’s evaluation indicates Russian nation-state action even though there are no specific signs that the assault can be traced to a particular person or organization.

The discoveries coincide with the U.S. Cyber Command’s Wednesday release of indications of compromise (IoCs) concerning various malware strains that have recently targeted Ukrainian networks, including GrimPlant, GraphSteel, and Cobalt Strike Beacon, and MicroBackdoor.

Since then, the phishing assaults have been linked to two espionage actors named UNC1151 (also known as Ghostwriter) and UNC2589, the latter of which is said to “operate in support of Russian government interest and has been undertaking considerable espionage collection in Ukraine.”