A hacking group backed by the North Korean government infiltrated an American IT management company, JumpCloud, in late June, using it as a stepping stone to target several cryptocurrency companies. According to sources familiar with the matter, the hackers aimed to steal digital currency from the cryptocurrency firms using their access to JumpCloud’s systems.
JumpCloud, based in Louisville, Colorado, confirmed the hack in a recent blog post, attributing it to a “sophisticated nation-state sponsored threat actor.” However, the company did not disclose the specific entity behind the attack or reveal which clients were affected. It remains uncertain whether any digital currency was successfully stolen during the breach.
Cybersecurity firm CrowdStrike Holdings, which is collaborating with JumpCloud to investigate the breach, identified the hacking group responsible as “Labyrinth Chollima,” a notorious squad of North Korean hackers. Adam Meyers, CrowdStrike’s Senior Vice President for Intelligence, acknowledged the group’s history of targeting cryptocurrency companies, suggesting their main objective was to generate revenue for the North Korean regime.
Tom Hegel, a cybersecurity researcher at SentinelOne, stated that the JumpCloud breach exemplifies North Korea’s growing expertise in “supply chain attacks.” Such attacks involve compromising software or service providers to steal data or money from downstream users. Hegel emphasised that North Korea’s cyber activities have significantly intensified.
Independent analysis corroborated CrowdStrike’s attribution: the digital indicators of compromise JumpCloud published overlapped with infrastructure previously linked to North Korean activity. The United States’ cyber watchdog agency, CISA, and the FBI declined to comment on the matter.
JumpCloud’s products cater to network administrators, aiding them in device and server management. The hack on the company came to light earlier this month when it notified customers of credential changes due to an ongoing incident.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is credited with some of the most daring and disruptive cyber intrusions carried out on the regime’s behalf. The scale of the cryptocurrency theft is substantial: blockchain analytics firm Chainalysis reported last year that North Korean-linked groups stole an estimated $1.7 billion in digital assets across multiple hacks.
CrowdStrike’s Meyers warned that North Korean supply chain attacks should not be underestimated, hinting at the possibility of further similar incidents in the future. The hackers’ persistent pursuit of cryptocurrency as a revenue-generating mechanism poses ongoing challenges to cybersecurity experts and financial institutions alike.