North Korea Targets Crypto Firms Via US IT Provider

Jul. 24, 2023
A US-based IT company, JumpCloud, was compromised by a North Korean hacking group that used it as a springboard to attack crypto businesses. According to a Reuters report on July 20, JumpCloud, located in Louisville, Colorado, admitted in a blog post that the hackers breached its systems in late June.

The intruders then zeroed in on fewer than five of JumpCloud’s clients. JumpCloud did not disclose the names of the affected customers. Still, cybersecurity firms CrowdStrike Holdings and Mandiant, which were helping JumpCloud and one of its clients, confirmed.

The hackers were part of a group known for stealing digital currencies. Sources familiar with the matter said that the hackers targeted cryptocurrency companies. This incident shows how North Korean cyber spies have changed their tactics from attacking individual crypto firms to launching “supply chain attacks.”

By exploiting a company like JumpCloud, which offers services to multiple clients, the hackers were able to access many potential victims downstream.

A New Strategy For North Korean Hackers

CrowdStrike identified the hacking group as “Labyrinth Chollima,” one of several groups believed to work for North Korea. Mandiant, on the other hand, linked the attackers to North Korea’s Reconnaissance General Bureau (RGB), the central foreign intelligence agency.

The cyber breach at JumpCloud was first reported publicly when the company emailed its customers. The email alerted them to a credential change due to an ongoing incident. The cybersecurity podcast Risky Business had previously suggested that North Korea was a likely suspect in the hack.

Labyrinth Chollima is one of North Korea’s most active hacking groups and has been behind several bold and disruptive cyber attacks. In particular, their cryptocurrency thefts have caused substantial financial losses. Blockchain analytics firm Chainalysis reports that hackers have stolen an estimated $1.7 billion worth of digital cash across multiple hacks.

Cybersecurity experts and companies like SentinelOne have expressed concerns that North Korean supply chain attacks will probably continue. The hackers’ ability to adapt their methods poses a constant challenge for the cybersecurity community. They target entities with access to many potential victims.

Despite the strong evidence, North Korea’s mission to the United Nations in New York has not replied to requests for comment. The country has also repeatedly denied involvement in digital currency heists, despite UN reports confirming its activities.

The skill and daring of North Korean hackers are increasing. The cybersecurity community must stay alert to counter these persistent and evolving threats.

Rida Fatima

News writer