Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The Illusion Of Privacy: Geolocation Risks In Modern Dating Apps
April 4, 2024
Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature is quite useful for coordinating meetups, indicating whether a potential match is just a short distance away or a kilometer ...
- LazyStealer: Sophisticated does not mean better
April 4, 2024
In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing ...
- Why the threat of a ‘nightmare’ Chinese supercomputer just got a step closer
April 4, 2024
A cyber security official at the US State Department had noticed something unusual. An internal IT security system, nicknamed “Big Yellow Taxi”, had flagged unusual activity on its corporate Microsoft account. The tech team quickly raised its concerns to Microsoft, hopeful that the alert was just a false positive. What rapidly emerged, however, was that a ...
- UK: Parliamentary staff warned of dangers after suspected sexting honeytrap attacks
April 4, 2024
Sir Lindsay Hoyle, the Commons Speaker, has held talks with parliamentary staff following suspected sexting honeytrap attacks targeting MPs, staffers and political journalists. At least 12 men working in and around Parliament, including a serving minister and other MPs, have been targeted on WhatsApp in a suspected spear phishing attack. Attackers contacted their victims under the ...
- Chaos Ransomware Operator Gives Up Decryption Tool for Free
April 3, 2024
The SonicWall CaptureLabs threat research team have been recently tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many operators to infect victims and demand payment for file retrieval. The sample SonicWall researchers analyzed lead them to a conversation with the operator who freely gave up the ...
- Google patches critical vulnerability for Androids with Qualcomm chips
April 3, 2024
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, ...