Attackers Target Ukraine With GoMet Backdoor

August 1, 2022

Threat actors believed to be Russian state-sponsored attacked a software company in Ukraine using a slightly modified version of the open-source GoMet backdoor. For persistence, the malware either ran a cron job every two seconds to confirm its connection to the command-and-control server or replaced an existing autorun executable with the malware. It also opened a blank CMD process and executed the “systeminfo” command to gather data about the system.