Void Dokkaebi uses fake job interview lure to spread malware via code repositories


Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.

As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industry since 2024, but less attention has been paid to what happens after the initial compromise.

Source: Trend Micro

