Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
April 24, 2025, 6:13 p.m.
Description
North Korean cybercrime activities heavily rely on Russian IP ranges in Khasan and Khabarovsk, utilizing extensive anonymization networks. The Void Dokkaebi group, linked to North Korea, employs fictitious companies like BlockNovas to target IT professionals through fraudulent job interviews, aiming to steal cryptocurrency and potentially engage in espionage. Their tactics involve using VPNs, proxies, and RDP connections to obscure their origins. Instruction videos suggest the involvement of less-skilled foreign conspirators. The primary focus remains cryptocurrency theft, but there's potential for expanded espionage activities and possible cooperation between North Korean and Russian entities.
Date
- Created: April 24, 2025, 6:01 p.m.
- Published: April 24, 2025, 6:01 p.m.
- Modified: April 24, 2025, 6:13 p.m.
Indicators
Additional Information
- Technology
- Energy
- Finance
- Germany
- Ukraine
- United States of America