North Korean hackers purportedly infiltrate US cryptocurrency firms
The hackers breached JumpCloud, a US IT management company, to exploit its clients.
A hacking group has infiltrated JumpCloud, a US IT management company, and leveraged its access to JumpCloud’s systems to exploit cryptocurrency companies. According to JumpCloud, the breach affected fewer than 5 of its clients.
CrowdStrike, JumpCloud’s incident response partner, identified the hackers as ‘Labyrinth Chollima’. They are one of several groups believed to be working for North Korea.
The hack illustrates how North Korean cyberespionage, previously content to target digital currency firms piece by piece, is now targeting companies that can provide broader access to multiple victims downstream, a tactic known as a ‘supply chain attack’. Last year, a group linked to North Korea stole an estimated $1.7 billion worth of digital cash through multiple hacks, according to blockchain analytics firm Chainalysis.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups, allegedly responsible for some of the isolated country’s most destructive cyber intrusions. According to Mandiant, the hackers responsible are working for the Reconnaissance General Bureau, North Korea’s primary foreign intelligence agency.