Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Water group made loss in wake of cyber attack
February 19, 2024
The Walsall-headquartered integrated serviced group, which operates South Staffordshire Water and Cambridge Water, posted a pre-tax loss of £23.1 million for the year to the end of March from a £7.6m profit a year earlier. The losses was put down to the impact of rising costs including on energy and chemicals, higher than expected water production ...
- Why are ransomware gangs making so much money?
February 17, 2024
For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of the ...
- Alpha Ransomware Emerges From NetWalker Ashes
February 16, 2024
Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation. The NetWalker Connection Analysis of Alpha reveals significant similarities with the old NetWalker ransomware. Both threats use a similar ...
- Microsoft Exchange vulnerability actively exploited
February 16, 2024
As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. The Exchange vulnerability is listed in the ...
- China: Foreign cyber spies attack information systems of key departments, enterprises, stealing sensitive data
February 16, 2024
China’s Ministry of State Security warned on Friday that in recent years, national security agencies have discovered that foreign cyber spies have continuously attacked the information systems of key departments and enterprises within China, resulting in the theft of important sensitive data and posing a threat to China’s data security and cybersecurity. The ministry released an ...
- Android/SpyNote Moves to Crypto Currencies
February 15, 2024
Like much Android malware today, this malware abuses the Accessibility API. This API is used to automatically perform UI actions. For example, the malicious sample uses the Accessibility API to record device unlocking gestures. Newer, this SpyNote sample uses the Accessibility API to target famous crypto wallets. Read more… Source: Fortinet