Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- South Korea cyber crisis deepens as Coupang data leak exposes national vulnerabilities
December 1, 2025
An investigation is under way into the cause of the breach. The leak raised concerns about phishing attempts targeting customers. Telecom, payments and crypto firms also reported recent breaches. A major data breach at South Korea’s biggest e-retailer has intensified concerns about the country’s digital preparedness, with the latest incident now seen as part of a ...
- Thousands of Airbus planes grounded after faulty software detected
November 29, 2025
Airlines around the world have been forced to ground thousands of Airbus planes following the discovery of a software problem which may have contributed to a sudden drop in the altitude of a plane last month, injuring 15 people. Around 6,000 A320 planes are thought to be affected, delaying and cancelling flights over the weekend. Airbus ...
- Tomiris wreaks Havoc: New tools and techniques of the APT group
November 28, 2025
While tracking the activities of the Tomiris threat actor, Kaspersky researchers identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In several cases, Kaspersky traced the threat actor’s actions from initial infection to the deployment of post-exploitation ...
- Organised crime online: How Europol disrupts cybercrime
November 27, 2025
How does Europol target cybercrime networks? Investigate phishing-as-a-service platforms? Or help tackle child sexual exploitation? This publication, presented at the Committee on Civil Liberties, Justice and Home Affairs Ordinary (LIBE), provides a general overview on how Europol disrupts cybercrime, taking the key insights from the Internet Organised Crime Threat Assessment (IOCTA) and EU Serious and Organised ...
- The Golden Scale: ‘Tis the Season for Unwanted Gifts
November 26, 2025
In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). This latest ...
- Bug in jury systems used by several US states exposed sensitive personal data
November 26, 2025
Several public websites designed to allow courts across the United States and Canada to manage the personal information of potential jurors had a simple security flaw that easily exposed their sensitive data, including names and home addresses, TechCrunch has exclusively learned. A security researcher, who asked not to be named for this story, contacted TechCrunch with ...