Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New MrbMiner malware has infected thousands of MSSQL databases
September 16, 2020
A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner. Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent. In a report published earlier this month, Tencent Security has named this ...
- Adobe out-of-band patch released to tackle Media Encoder vulnerabilities
September 16, 2020
Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder. Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release. On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 ...
- Boosting Impact for Profit: Evolving Ransomware Techniques for Targeted Attacks
September 15, 2020
While more enterprises have adjusted to the new normal, so have cybercriminals who take advantage of the ever-changing work, home, and security landscape. As described in our 2020 Midyear Roundup, the numbers pertaining to ransomware no longer tell the story at first glance. While the number of infections, company disclosures, and ransomware families has gone ...
- Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits
September 15, 2020
From May 1-July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most common vulnerabilities exploited ...
- The State of Industrial Cybersecurity 2020
September 15, 2020
In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide. This ...
- Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw
September 15, 2020
Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol. BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to ...