North Korean hackers purportedly infiltrate US cryptocurrency firms
The hackers breached JumpCloud, a US IT management company, to exploit its clients.
A hacking group has infiltrated JumpCloud, a US IT management company, and leveraged its access to JumpCloud’s systems to exploit cryptocurrency companies. According to JumpCloud, the breach affected fewer than 5 of its clients.
CrowdStrike, JumpCloud’s incident response partner, identified the hackers as ‘Labyrinth Chollima’. They are one of several groups believed to be working for North Korea.
The hack illustrates how North Korean cyberespionage, previously content to target digital currency firms piece by piece, is now targeting companies that can give them broader access to multiple victims downstream in a ‘supply chain attack’ tactic. Last year, a group linked to North Korea stole an estimated $1.7 billion worth of digital cash through multiple hacks, according to blockchain analytics firm Chainalysis.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups, allegedly responsible for some of the isolated country’s most destructive cyber intrusions. According to Mandiant, the hackers responsible are working for the Reconnaissance General Bureau, North Korea’s primary foreign intelligence agency.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.