Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industry since 2024, but less attention has been paid to what happens after the initial compromise.
Source: Trend Micro

