North Korean Hackers Are At It Again
1. The Initial Breach:
In late June, a government-backed hacking group from North Korea successfully breached the systems of JumpCloud, a tech company based in Louisville, Colorado. Subsequently, North Korean hackers leveraged this access to target a select number of the company’s clients. The specific names of the affected clients were not disclosed.
2. Cryptocurrency Companies Under Attack:
Although the identities of the targeted clients were not revealed by JumpCloud, cybersecurity firms CrowdStrike Holdings and Mandiant confirmed that the hackers focused on cryptocurrency companies. This aligns with previous patterns of North Korean cyberattacks centered around digital currency theft.
3. North Korea’s Escalating Cyber Offensive:
Industry experts have observed a notable escalation in North Korea’s cyber activities. The hackers appear to be expanding their scope, moving from individual digital currency firms to larger targets that offer access to multiple victims downstream. Tom Hegel from SentinelOne remarked that North Korea is “stepping up their game.”
4. Attribution and Denials:
CrowdStrike identified the hacking group behind the attack as “Labyrinth Chollima,” one of several groups allegedly operating on behalf of North Korea. Meanwhile, Mandiant pointed to the Reconnaissance General Bureau (RGB), North Korea’s primary foreign intelligence agency, as the responsible entity. Despite the mounting evidence, North Korea’s mission to the United Nations in New York has not responded to requests for comment and has previously denied involvement in digital currency heists.
5. Magnitude of Losses:
The hacking group Labyrinth Chollima has a notorious reputation for daring and disruptive cyber intrusions. Their cryptocurrency thefts have resulted in staggering losses, estimated at approximately $1.7 billion worth of digital cash across multiple hacks, as reported by blockchain analytics firm Chainalysis.
The recent breach of JumpCloud and subsequent attacks on cryptocurrency companies highlight the growing threat posed by North Korean cyber spies. Given their willingness to employ supply chain attacks and target the cryptocurrency industry, it is crucial for organizations to prioritize cybersecurity measures to safeguard against such threats. Experts believe that North Korean cyber offensive activities are far from over, underscoring the necessity for ongoing vigilance and robust defense strategies.