Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- North Korea debuts new Electricfish malware in Hidden Cobra campaigns
May 10, 2019
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks. Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and ...
- Lax Telco Security Allows Mobile Phone Hijacking and Redirects
May 9, 2019
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...
- FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
May 8, 2019
On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to ...
- Surge of MegaCortex ransomware attacks detected
May 6, 2019
UK cyber-security firm Sophos reported detecting a spike in ransomware attacks at the end of last week from a new strain named MegaCortex. Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions –in a tactic that is known as “big-game hunting.” The modus operandi is ...
- Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March
May 6, 2019
Microsoft Office 365 remains an attractive target for cybercriminals as it continues to be used by businesses worldwide. In a new report from Barracuda Networks, the company revealed that more than 1.5 million malicious and spam emails were sent from thousands of compromised Office 365 accounts of their customers in March 2019 alone. The increase in the ...
- Mysterious hacker has been selling Windows 0-days to APT groups for three years
May 1, 2019
For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker’s activity reinforces recent assessments that some government-backed cyber-espionage groups –also known as APTs (advanced persistent threats)– will regularly buy zero-day exploits from third-party entities, ...