Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
North Korean cybercrime activities heavily rely on Russian IP ranges in Khasan and Khabarovsk, utilizing extensive anonymization networks. The Void Dokkaebi group, linked to North Korea, employs fictitious companies like BlockNovas to target IT professionals through fraudulent job interviews, aiming to steal cryptocurrency and potentially engage in espionage. Their tactics involve using VPNs, proxies, and RDP connections to obscure their origins. Instruction videos suggest the involvement of less-skilled foreign conspirators. The primary focus remains cryptocurrency theft, but there's potential for expanded espionage activities and possible cooperation between North Korean and Russian entities.
OPENCTI LABELS:
social engineering, cryptocurrency, beavertail, frostyferret, blocknovas, invisible ferret, anonymization networks