A North Korean government-backed hacking group breached a prominent American IT management company and used that access to mount a targeted campaign against cryptocurrency companies.
The intrusion was traced back to late June and underscores North Korea's growing capability in cyber espionage and cryptocurrency theft.
The affected IT management firm, JumpCloud of Louisville, Colorado, recently disclosed the breach in a blog post. The attackers, a group known for its focus on cryptocurrency theft, compromised JumpCloud's systems and then used that foothold to target "fewer than 5" of the company's customers.
JumpCloud did not name the affected customers. Cybersecurity firms CrowdStrike Holdings and Alphabet-owned Mandiant both confirmed they were involved in the response: CrowdStrike is assisting JumpCloud itself, while Mandiant is assisting affected JumpCloud customers.
According to a Reuters report, the targeted customers were cryptocurrency companies, indicating that the North Korean operators deliberately chose a supply chain attack: rather than breaching each cryptocurrency firm directly, they compromised a trusted vendor whose software and credentials already had privileged access to those firms' environments. Compromising one upstream provider in this way gives an attacker a path into many downstream organizations at once, which is what makes the approach so attractive.
“This should be a wakeup call for both service providers and consumers of cloud-hosted services that have privileged access to sensitive information and authentication credentials,” said Chester Wisniewski, Field CTO Applied Research, Sophos.
North Korea's mission to the United Nations has not commented on the incident, despite mounting evidence, including United Nations reports, linking the country to numerous digital currency heists in the past. CrowdStrike attributed this attack to the group it tracks as "Labyrinth Chollima," one of several groups assessed to operate on behalf of the North Korean government.
The threat posed by Labyrinth Chollima should not be underestimated, warned Adam Meyers, Senior Vice President for Intelligence at CrowdStrike, according to Reuters. The group is known for aggressive and disruptive intrusions that have caused substantial losses to its victims.
Blockchain analytics firm Chainalysis previously estimated that North Korean-linked groups, including Labyrinth Chollima, stole approximately USD 1.7 billion worth of digital currency through various hacks in 2022.