North Korean government-backed hacking group Labyrinth Chollima was responsible for last month’s attack against US-based tech company JumpCloud in an attempt to gain access to its clientele of crypto firms, Reuters reports.
Last week, JumpCloud first announced that a “sophisticated nation-state sponsored threat actor” had gained unauthorized access to its systems and targeted a “small and specific set” of customers. JumpCloud sells software to authorize and manage users across devices for major firms, but a spokesperson said that fewer than five customers were affected.
Cybersecurity researcher Tom Hegel told Reuters that North Korean hackers have become well versed in “supply chain attacks,” wherein service providers are infiltrated in order to access the real prize: their customers. In this case, crypto firms are said to have been targeted, but it remains unclear whether any crypto was actually stolen, nor is it clear which crypto firms were breached.
Working to assess the breach with JumpCloud, cybersecurity firm CrowdStrike confirmed to Reuters that Labyrinth Chollima was responsible. North Korea’s incredibly advanced teams of state-sponsored hacking groups continuously target crypto firms to prop up their revenue streams. In 2021, the UN reported that such groups stole $300 million to fuel the country’s weapons program.
However, that’s just the tip of the iceberg — a Chainalysis report last year said North Korean-linked groups stole $1.7 billion in digital assets through several hacks.
Last week, JumpCloud assured customers that it changed their credentials “out of an abundance of caution” despite the low number of targeted firms. But anyone can be next — North Koreans have proven time and again to be incredibly capable hackers. CrowdStrike SVP for intelligence Adam Meyers told Reuters, “I don’t think this is the last we’ll see of North Korean supply chain attacks this year.”