Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industry since 2024, but less attention has been paid to what happens after the initial compromise.
Source: Trend Micro
Related:
- Leicester street lights stuck on all day due to cyber attack
April 22, 2024
A cyber attack targeting Leicester City Council has led to some street lights being stuck on all day. The attack crippled the authority’s services seven weeks ago and led to confidential documents being published online by the hackers, including rent statements and applications to buy council houses. Source: MSN News
- Singapore: Personal information of parents, staff at 127 schools accessed in data security breach
April 20, 2024
A data breach at one of its vendors has resulted in the “unauthorised access” of names and email addresses of parents and staff from five primary and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19). MOE said it was notified by Mobile Guardian that its user management portal had been breached ...
- More ways Israel could strike Iran, from cyber attacks to assassinations
April 20, 2024
For years, the two countries in the Middle East targeted each other’s military and intelligence sites in cyber attacks. The best known, from Israel’s side, was Stuxnet – reportedly developed jointly by the U.S. and Israel — that struck the computer system of the Natanz nuclear site, an underground facility in central Iran. The New York ...
- Overflowing Water Tank Linked to Russian Cyber Attack
April 19, 2024
A water tank in Texas overflowed after a cyber attack in January, and a new report is linking the incident to hackers backed by the Russian government. On Jan. 18, city officials in Muleshoe were alerted to an overflowing water tank. When they checked it out, they learned that a software hack had caused a system ...
- The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider
April 18, 2024
In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK. The popularity of the platform meant that at the time of the ...
- DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
April 18, 2024
In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East. They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, ...

