Mastodawn

The Threat Codex Feb 27

Tracking DPRK operator IPs over time
#FAMOUSCHOLLIMA
https://kmsec.uk/blog/dprk-opsec-3/

Tracking DPRK operator IPs over time | kmsec.uk

FAMOUS CHOLLIMA's temporary email usage leaks IP addresses (opsec mistakes part 3)

Cindʎ Xiao 🍉Jan 22

RE: https://social.troll.academy/@mushu/115937976404644181

https://runjak.codes/posts/2026-01-21-adversarial-coding-test/

Seems really similar to a recently reported variant of a North Korean state aligned campaign, ContagiousInterview. They've moved to VS Code tasks now

cc @lazarusholic

https://www.jamf.com/blog/threat-actors-expand-abuse-of-visual-studio-code/
https://opensourcemalware.com/blog/contagious-interview-vscode

#DPRK #ContagiousInterview #lazarus #LazarusGroup #FamousChollima

The Threat Codex Nov 9

Interview with the Chollima V
#FAMOUSCHOLLIMA
https://quetzal.bitso.com/p/interview-with-the-chollima-v

Interview with the Chollima V

This is getting sad already

Bitso Quetzal Team

Hackread.com Nov 3

Watch as North Korean hackers from the #FamousChollima group are caught using AI deepfakes and stolen identities in fake job interviews to infiltrate crypto and #Web3 firms.

Details: https://hackread.com/north-korean-hackers-video-ai-filter-fake-job-interview/

#CyberSecurity #CyberCrime #NorthKorea #Lazarus #Scam #AI

North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews

The Threat Codex Oct 16

BeaverTail and OtterCookie evolve with a new Javascript module
#BeaverTail #OtterCookie #FAMOUSCHOLLIMA
https://blog.talosintelligence.com/beavertail-and-ottercookie/

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).

Cisco Talos Blog

Hackread.com Oct 16

Watch out as the North Korean hackers from the #FamousChollima group are using fake job offers to spread BeaverTail and OtterCookie malware, stealing crypto and credentials in a new attack.

Read: https://hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/

#Cybersecurity #Malware #BeaverTail #OtterCookie #NorthKorea

NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

The Threat Codex Sep 17, 2025

Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure
#BeaverTail #InvisibleFerret #FAMOUSCHOLLIMA
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/north-korean-malware-sept-2025/

Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure - GitLab Security Tech Notes

The Threat Codex Jul 2, 2025

Famous Chollima deploying Python version of GolangGhost RAT
#FAMOUSCHOLLIMA #GolangGhost
https://blog.talosintelligence.com/python-version-of-golangghost-rat/

Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

Cisco Talos Blog

lazarusholic Jun 24, 2025

"Famous Chollima’s PylangGhost" published by PolySwarm. #FamousChollima, #PylangGhost, #DPRK, #CTI https://blog.polyswarm.io/famous-chollimas-pylangghost

Famous Chollima’s PylangGhost

Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India.

Hackread.com Jun 19, 2025

🚨 North Korean hackers from #FamousChollima group are using fake crypto job interviews to spread a new malware called #PylangGhost, targeting blockchain pros.

Details: https://hackread.com/n-korean-hackers-pylangghost-malware-crypo-job-scam/

#CyberSecurity #NorthKorea #CyberCrime #Malware

N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto