Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
May 28, 2024
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet is observed to set up fake companies and job ...
- pcTattleTale spyware leaks database containing victim screenshots, gets website defaced
May 28, 2024
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device. What goes around ...
- ABN Amro on alert as supplier hit by ransomware attack
May 28, 2024
ABN Amro is warning customers that their personal details may be at risk after a ransomware attack at one its supplier. The ransomware attack was inflicted on AddComm, which distributes documents and tokens physically and digitally to ABN Amro clients and employees. External cybersecurity experts are currently investigating exactly what data has been stolen at AddComm. Read ...
- Spying, hacking and intimidation: Israel’s nine-year ‘war’ on the ICC exposed
May 28, 2024
When the chief prosecutor of the International criminal court (ICC) announced he was seeking arrest warrants against Israeli and Hamas leaders, he issued a cryptic warning: “I insist that all attempts to impede, intimidate or improperly influence the officials of this court must cease immediately.” Now, an investigation by the Guardian and the Israeli-based magazines +972 ...
- Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
May 27, 2024
Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. A prominent example of this includes a cybercriminal ...
- Threat landscape for industrial automation systems, Q1 2024
May 27, 2024
In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Building automation has historically led the surveyed industries in terms of the percentage of ICS computers ...