Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Businesses leaving their Kubernetes containers exposed to ransomware
March 14, 2024
As businesses look for faster and more flexible development frameworks, the use of containers and Kubernetes (K8s) continues to rise. While Kubernetes theoretically has several security advantages compared to traditional applications, it remains one of the top concerns for organizations on their cloud-native journey. This concern is fairly valid it seems. A recent report found that ...
- What’s in your notepad? Infected text editors target Chinese users
March 13, 2024
“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, Kaspersky experts discussed a malvertising campaign that ...
- CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
March 13, 2024
The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake software installers. During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led ...
- Roku Discloses Data Breach, 15,000 Accounts Compromised
March 13, 2024
The streaming platform Roku has suffered a data breach, with more than 15,000 accounts compromised. The company – which has more than 80 million active accounts – revealed the breach in filings with the state attorney generals of Maine and California on Friday. The filings indicate that 15,363 accounts were compromised between Dec. 28, 2023, and ...
- Chinese security authority warns of espionage traps in online dating and job hunting
March 13, 2024
Are they your like-minded “online friends”? Intimate “lovers”? Caring “friends”? Helpful “good Samaritans”? Or perhaps, these are all just sweet “traps” set by espionage forces, Chinese Ministry of State Security warned the public in its latest article published on Wednesday. The ministry listed several cases adapted from real life incidents with characters using pseudonyms in the ...
- New Multi-Stage StopCrypt Ransomware
March 12, 2024
The SonicWall Capture Labs threat research team recently observed a new variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. Infection Cycle At the start of execution, it creates a string of msim32.dll on the stack, and, using LoadLibrary, loads ...