Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Man arrested in connection with cyber-attack on airports
September 24, 2025
A person has been arrested in connection with a cyber-attack which has caused days of disruption at several European airports including Heathrow. The National Crime Agency (NCA) said a man in his forties was arrested in West Sussex “as part of an investigation into a cyber incident impacting Collins Aerospace”. There have been hundreds of flight ...
- Top auto insurance firm leaked over 5 million records
September 24, 2025
ClaimPix, a company which streamlines car insurance claims, was leaking sensitive customer data on the clearweb, including people’s phone numbers, and email addresses, an expert has warned. Security researcher Jeremiah Fowler, known for hunting down misconfigured and unprotected databases, recently found one such instance containing 5.1 million files, sharing his findings with WebsitePlanet. The archive was ...
- Serious Microsoft Entra flaw could have let hackers infiltrate any user – patch now
September 22, 2025
Security researchers have found a critical vulnerability in Microsoft Entra ID which could have allowed threat actors to gain Global Administrator access to virtually anyone’s tenant – without being detected in any way. The vulnerability consists of two things – a legacy service called “actor tokens”, and a critical Elevation of Privilege bug tracked as CVE-2025-55241. ...
- Stellantis detects breach at third-party provider for North American customers
September 22, 2025
Stellantis detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, the company said in a statement on Sunday. The automaker said the incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data. Stellantis did not specify how many ...
- Cyber-attack causes delays at Heathrow and other European airports
September 20, 2025
Heathrow is among several European airports hit by a cyber-attack affecting an electronic check-in and baggage system. The airport warned of possible delays due to a “technical issue” affecting software provided by Collins Aerospace to several airlines. Brussels Airport said a cyber-attack on Friday night meant passengers were being checked in and boarded manually, while Berlin’s ...
- WatchGuard warns users Firebox firewalls may have a critical issue
September 19, 2025
WatchGuard has fixed a critical-severity vulnerability affecting its Firebox firewalls and is urging users to apply the newly released patch without hesitation. In a security advisory, the company said it addressed an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process, which “may allow a remote unauthenticated attacker to execute arbitrary code”. The vulnerability was ...