Attackers Target Ukraine With GoMet Backdoor
Threat actors believed to be Russian state-sponsored attacked a software company in Ukraine with a slightly modified version of the open-source GoMet backdoor.
For persistence, the malware executed a cronjob every two seconds to confirm a connection to the command-and-control server or replaced an existing autorun executable with the malware.
The malicious software also opened a blank CMD process and executed the “systeminfo” command to gather data about the system.
Featured Resources
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe