North Korean cybercriminals using Russian IP addresses for malicious activities



News North Korean cybercriminals using Russian IP addresses for malicious activities Report finds evidence of infrastructure sharing between DPRK and Russian entities, underlining ties in cyber realm Shreyas Reddy April 24, 2025 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON A stack of servers \| Image: David Lohner via Pixabay North Korean cybercriminals and overseas IT workers are leveraging Russian digital infrastructure to carry out malicious cyber activities, according to an American-Japanese security company. In a blog post published on Wednesday, Trend Micro said it has identified five Russian IP ranges linked to a threat cluster it tracks under the name “Void Dokkaebi,” noting that the use of infrastructure outside the DPRK helps its cybercriminals overcome the technical limitations of a national network that only has only 1,024 assigned IP addresses. Also known as “Famous Chollima” and “UNC5267,” the loosely defined cluster relates primarily to North Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01China could offer Seoul security guarantees against North Korea. Why won’t it? 02North Korea starts new construction at Mount Paektu in bid to attract tourists 03How unsustainable wildlife trade threatens North Korea’s biodiversity 04Opening event imminent for North Korea’s Wonsan Kalma mega beach resort: Imagery 05North Korea dismantles inter-Korean reunions hotel despite Lee’s engagement push 06What Kim Jong Un is learning from Israel’s offensive as Tehran burns 07Trump lifted sanctions on Syria. But that playbook won’t work for North Korea. 08Why Kim Jong Un’s latest military reshuffle wasn’t tied to warship launch mishap

News

North Korean cybercriminals using Russian IP addresses for malicious activities

Report finds evidence of infrastructure sharing between DPRK and Russian entities, underlining ties in cyber realm

Shreyas Reddy April 24, 2025

North Korean cybercriminals using Russian IP addresses for malicious activities

A stack of servers | Image: David Lohner via Pixabay

North Korean cybercriminals and overseas IT workers are leveraging Russian digital infrastructure to carry out malicious cyber activities, according to an American-Japanese security company.

In a blog post published on Wednesday, Trend Micro said it has identified five Russian IP ranges linked to a threat cluster it tracks under the name “Void Dokkaebi,” noting that the use of infrastructure outside the DPRK helps its cybercriminals overcome the technical limitations of a national network that only has only 1,024 assigned IP addresses.

Also known as “Famous Chollima” and “UNC5267,” the loosely defined cluster relates primarily to North

01China could offer Seoul security guarantees against North Korea. Why won’t it?
02North Korea starts new construction at Mount Paektu in bid to attract tourists
03How unsustainable wildlife trade threatens North Korea’s biodiversity
04Opening event imminent for North Korea’s Wonsan Kalma mega beach resort: Imagery
05North Korea dismantles inter-Korean reunions hotel despite Lee’s engagement push
06What Kim Jong Un is learning from Israel’s offensive as Tehran burns
07Trump lifted sanctions on Syria. But that playbook won’t work for North Korea.
08Why Kim Jong Un’s latest military reshuffle wasn’t tied to warship launch mishap

North Korean cybercriminals using Russian IP addresses for malicious activities

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy