North Korean hackers purportedly infiltrate US cryptocurrency firms

The hackers breached JumpCloud, a US IT management company, to exploit its clients.


A hacking group has infiltrated JumpCloud, a US IT management company, and leveraged its access to JumpCloud’s systems to exploit cryptocurrency companies. According to JumpCloud, the breach affected fewer than 5 of its clients.

CrowdStrike, JumpCloud’s incident response partner, identified the hackers as ‘Labyrinth Chollima’. They are one of several groups believed to be working for North Korea. 

The hack illustrates how North Korean cyberespionage groups, previously content to target digital currency firms one at a time, are now targeting companies that can give them broader access to multiple victims downstream, a ‘supply chain attack’ tactic. Last year, a group linked to North Korea stole an estimated $1.7 billion worth of digital cash through multiple hacks, according to blockchain analytics firm Chainalysis.

Labyrinth Chollima is one of North Korea’s most prolific hacking groups, allegedly responsible for some of the isolated country’s most destructive cyber intrusions. According to Mandiant, the hackers responsible are working for the Reconnaissance General Bureau, North Korea’s primary foreign intelligence agency.