On July 20, Reuters reported that a hacking group backed by the North Korean government successfully infiltrated an American IT management company, JumpCloud, and exploited it as a launching point to target cryptocurrency companies.
JumpCloud, based in Louisville, Colorado, disclosed the breach in a blog post, stating that the hackers gained unauthorized access to their systems in late June. The attackers then focused their efforts on fewer than five of JumpCloud’s clients.
Though JumpCloud did not reveal the affected customers’ identities, cybersecurity companies CrowdStrike Holdings and Mandiant, who are assisting JumpCloud and one of its clients, respectively, confirmed that the hackers were known for their interest in cryptocurrency theft.
Notably, the specific targets of the attack were cryptocurrency companies, according to individuals familiar with the matter.
This incident underscores the evolving tactics of North Korean cyber spies, who have shifted from targeting digital currency firms one by one to adopting a “supply chain attack” strategy.
By exploiting a company like JumpCloud, which provides services to multiple clients, the hackers gained access to multiple potential victims downstream.
CrowdStrike identified the hacking group responsible as “Labyrinth Chollima,” which is just one of several groups believed to operate on behalf of North Korea.
On the other hand, Mandiant attributed the attackers to North Korea’s Reconnaissance General Bureau (RGB), the primary foreign intelligence agency.
The cyber intrusion into JumpCloud was first brought to public attention when the company sent emails to its customers, warning them of a credential change due to an ongoing incident.
READ MORE: OpenAI Unveils Android Version of ChatGPT
It’s worth noting that North Korea’s involvement as a suspect in the hack was previously suggested by the cybersecurity-focused podcast, Risky Business.
Labyrinth Chollima, known for being one of North Korea’s most active hacking groups, has been responsible for audacious and disruptive cyber intrusions.
In particular, their cryptocurrency thefts have resulted in significant financial losses, with an estimated $1.7 billion worth of digital cash stolen across multiple hacks, as reported by Blockchain analytics firm Chainalysis.
Cybersecurity experts and firms like SentinelOne share concerns that North Korean supply chain attacks will likely continue.
The hackers’ ability to evolve their techniques and target entities with access to numerous potential victims poses an ongoing challenge for the cybersecurity community.
Despite the mounting evidence, North Korea’s mission to the United Nations in New York has not responded to requests for comment.
The country has consistently denied any involvement in digital currency heists, even in the face of compelling evidence, including United Nations reports confirming their activities.
As the sophistication and audacity of North Korean hackers continue to grow, the cybersecurity landscape must remain vigilant to combat their persistent and evolving threats.
Other Stories:
SEC Contemplates Appeal Over Controversial XRP Ruling
Nigerian Social Payments App Bundle Ceases Crypto Exchange Services
Bitcoin Laundering Couple Reach Plea Agreement with U.S. Authorities