Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
In this blog entry, we discuss how North Korea's significant role in cybercrime – including campaigns attributed to Void Dokkaebi – is facilitated by extensive use of anonymization networks and the use of Russian IP ranges.
Summary
- Trend Research has identified multiple IP address ranges in Russia that are being used for cybercrime activities aligned with North Korea. These activities are associated with a cluster of campaigns related to the Void Dokkaebi intrusion set, also known as Famous Chollima.
- The Russian IP address ranges, which are concealed by a large anonymization network that uses commercial VPN services, proxy servers, and numerous VPS servers with RDP, are assigned to two companies in Khasan and Khabarovsk. Khasan is a mile from the North Korea-Russia border, and Khabarovsk is known for its economic and cultural ties with North Korea.
- Trend Research assesses that North …
IoC