North Korean cybercriminals using Russian IP addresses for malicious activities



News North Korean cybercriminals using Russian IP addresses for malicious activities Report finds evidence of infrastructure sharing between DPRK and Russian entities, underlining ties in cyber realm Shreyas Reddy April 24, 2025 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON A stack of servers \| Image: David Lohner via Pixabay North Korean cybercriminals and overseas IT workers are leveraging Russian digital infrastructure to carry out malicious cyber activities, according to an American-Japanese security company. In a blog post published on Wednesday, Trend Micro said it has identified five Russian IP ranges linked to a threat cluster it tracks under the name “Void Dokkaebi,” noting that the use of infrastructure outside the DPRK helps its cybercriminals overcome the technical limitations of a national network that only has only 1,024 assigned IP addresses. Also known as “Famous Chollima” and “UNC5267,” the loosely defined cluster relates primarily to North Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01Elite absences hint at a North Korean power struggle ahead of party congress 02With Yoon’s exit, South Korea faces critical choices on North Korea strategy 03Tools of the trade: How North Korea launders billions in stolen cryptocurrency 04North Korea’s ‘new’ sniper rifle likely Austrian import or copy: Analysis 05North Korean ICBM factory upgrade project resumes, expands: Imagery 06Ruse or revolution? Analyzing North Korea’s new drone and AEW&C aircraft 07New construction underway near North Korean aircraft factories amid drone push 08What Americans think about travel to North Korea, 8 years after Warmbier’s death

News

North Korean cybercriminals using Russian IP addresses for malicious activities

Report finds evidence of infrastructure sharing between DPRK and Russian entities, underlining ties in cyber realm

Shreyas Reddy April 24, 2025

North Korean cybercriminals using Russian IP addresses for malicious activities

A stack of servers | Image: David Lohner via Pixabay

North Korean cybercriminals and overseas IT workers are leveraging Russian digital infrastructure to carry out malicious cyber activities, according to an American-Japanese security company.

In a blog post published on Wednesday, Trend Micro said it has identified five Russian IP ranges linked to a threat cluster it tracks under the name “Void Dokkaebi,” noting that the use of infrastructure outside the DPRK helps its cybercriminals overcome the technical limitations of a national network that only has only 1,024 assigned IP addresses.

Also known as “Famous Chollima” and “UNC5267,” the loosely defined cluster relates primarily to North

01Elite absences hint at a North Korean power struggle ahead of party congress
02With Yoon’s exit, South Korea faces critical choices on North Korea strategy
03Tools of the trade: How North Korea launders billions in stolen cryptocurrency
04North Korea’s ‘new’ sniper rifle likely Austrian import or copy: Analysis
05North Korean ICBM factory upgrade project resumes, expands: Imagery
06Ruse or revolution? Analyzing North Korea’s new drone and AEW&C aircraft
07New construction underway near North Korean aircraft factories amid drone push
08What Americans think about travel to North Korea, 8 years after Warmbier’s death

North Korean cybercriminals using Russian IP addresses for malicious activities

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy