Intel Name: Russian infrastructure plays crucial role in North Korean cybercrime operations
Date of Scan: April 24, 2025
Impact: High
Summary: Multiple Russian IP address ranges—masked through VPNs, proxy servers, and VPS infrastructure—are being used in cybercrime operations aligned with North Korea’s Void Dokkaebi group (also known as Famous Chollima). These IPs are linked to companies near the North Korea-Russia border and support IT workers operating from countries like China, Russia, and Pakistan. The infrastructure facilitates activities such as job scams, cryptocurrency theft, and brute-force attacks. Instructional materials and non-native English content suggest potential collaboration with foreign conspirators. Targets include IT professionals in Ukraine, the U.S., and Germany, particularly those involved in crypto, Web3, and blockchain.