Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware: Attacks could be about to get even more dangerous and disruptive
December 23, 2020
Ransomware is one of the biggest threats facing businesses. An organisation that falls victim to a ransomware attack – which sees cyber criminals use malware to encrypt the network, rendering it inoperable – will quickly find itself unable to do business at all. Cyber criminals lock down networks like this for one simple reason: it’s the ...
- PSA: Active Chase phishing scam pretends to be fraud alerts
December 23, 2020
A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient’s account to be blocked. Today, numerous people have told BleepingComputer that they received the same fake Chase “Security Notice” scam attempting to steal their banking credentials. One recipient said ...
- Emotet Returns to Hit 100K Mailboxes Per Day
December 23, 2020
After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information ...
- A Timeline Perspective of the SolarStorm Supply-Chain Attack
December 23, 2020
On Dec. 13, the cyber community became aware of one of the most significant cybersecurity events of our time, impacting both commercial and government organizations around the world. The event was a supply-chain attack on SolarWinds OrionⓇ software conducted by suspected nation-state operators that we are tracking as SolarStorm. Unit 42 was able to connect ...
- Card-Not-Present Fraud: 4 Security Considerations for Point of Sale Businesses
December 23, 2020
As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complimentary Verizon study finds remote attacks ...
- DHS warns of data theft risk when using Chinese products
December 23, 2020
The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People’s Republic of China (PRC). The reason that prompted this business advisory is the need to highlight the PRC government-sponsored data theft risk to all organizations and individuals who ...