According to reliable sources, a North Korean government-backed hacking group targeted an American IT management company, JumpCloud, and used it as a jumping-off point to attack multiple cryptocurrency companies and steal digital money. The breach, which happened in late June, allowed the hackers, known as “Labyrinth Chollima,” to gain access to the firm’s bitcoin clients. JumpCloud admitted the breach but did not reveal the attackers or the clients that were affected. CrowdStrike Holdings, a cybersecurity firm, verified the North Korean hackers’ involvement, citing their emphasis on attacking cryptocurrency businesses to generate income for the dictatorship. This event demonstrates North Korea’s developing expertise in carrying out supply chain attacks, which compromise software or service providers in order to gain access to downstream consumers’ data or finances.
North Korean hackers performed an advanced cyber attack through the IT management business JumpCloud, stealing digital assets from cryptocurrency companies. “Labyrinth Chollima,” a known hacking organization, obtained access to JumpCloud’s networks and used that access to breach its bitcoin clients. Although JumpCloud admitted the intrusion, the identity of the hackers and the degree of the damage remain unknown. CrowdStrike Holdings, which is working with JumpCloud to investigate the attack, acknowledged North Korea’s involvement and emphasized the regime’s past focus on cryptocurrency targets to generate income. This exploit exemplifies North Korean hackers’ expanding use of supply chain attacks, in which they infiltrate service providers to acquire access to important information and finances from downstream consumers.
The North Korean hacker organization “Labyrinth Chollima” exhibited its developing tactics by accessing JumpCloud, an American IT management firm, and then targeting various cryptocurrency companies to steal digital currencies. Although it acknowledged the hack, JumpCloud did not name the culprits or divulge the clients who were affected. CrowdStrike Holdings’ cybersecurity specialists, however, corroborated North Korea’s involvement, highlighting the state’s predilection for targeting bitcoin businesses to financially support the dictatorship. The event demonstrates North Korea’s growing skill in carrying out supply chain attacks, in which attackers exploit vulnerabilities in software or service providers to gain data or payments from downstream customers. As long as this threat exists, cybersecurity experts anticipate more such attacks throughout the year.