Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Philippines: 5.4M cyber attacks against government agencies deterred in 2024
March 1, 2025
The Department of Information and Communications Technology (DICT) was able to prevent over 5 million attempts to compromise the cybersecurity of several government agencies last year. “In 2024, the DICT automatically deterred approximately 5.4 million malicious attempts against 32 government agencies connected to our national security operations,” DICT Undersecretary for Cybersecurity Jeffrey Ian Dy said at ...
- The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT
February 28, 2025
In early 2024, analysts at the Positive Technologies Expert Security Center (PT ESC) discovered a malicious sample. The cybersecurity community named it Poco RAT after the POCO libraries in its C++ codebase. At the time of its discovery, the sample had not been linked to any known threat group. The malware came loaded with a full ...
- New spyware found to be snooping on thousands of Android and iOS users
February 28, 2025
Hundreds of thousands of Android users, as well as several thousand iPhone users, have had their sensitive data compromised by a spouseware app, called Spyzie. The apps were found leaking email addresses, text messages, call logs, photographs, and other sensitive data, belonging to millions of people who, without their knowledge or consent, have had these apps ...
- Cyber Attack Keeps Cleveland Municipal Court Offline
February 28, 2025
Cleveland Municipal Court will remain closed Thursday, four days after officials announced a cyber attack against the court. The court has been closed since Monday. All internal systems and software, including the court’s website, have been shut down and will remain offline as authorities work to figure out what happened and the best time to restore ...
- JavaGhost’s Persistent Phishing Attacks From the Cloud
February 28, 2025
Unit 42 researchers have observed phishing activity that we track as TGR-UNK-0011. They assess with high confidence that this cluster overlaps with the threat actor group JavaGhost. The threat actor group JavaGhost has been active for over five years and continues to target cloud environments to send out phishing campaigns to unsuspecting targets. According to website ...
- UK: Cyber-attack sparks security fears over NHS provider’s data
February 28, 2025
The private healthcare group that will soon take charge of Swindon community care services has been hit by a cyber-attack. HCRG Care Group recently won the contract to provide care-at-home services in the Swindon area, which was previously managed by the trust in charge of Great Western Hospital, as well as other parts of Wiltshire. The company ...