North Korean Hackers Breached a US Tech Company to Steal Crypto


(CTN News) – A North Korean government-backed hacking group known as “Labyrinth Chollima” has recently executed a sophisticated supply chain attack, using an American IT management company as a springboard to target cryptocurrency companies.

The IT firm, JumpCloud, based in Louisville, Colorado, reported the breach in late June; the hackers had gained unauthorized access to its systems.

Subsequently, they targeted several of JumpCloud’s clients, focusing specifically on cryptocurrency theft. This incident underscores North Korea’s escalating cyber espionage efforts, which now involve attacking companies that provide broader access to multiple downstream victims.

The Supply Chain Attack:

In a blog post, JumpCloud disclosed the breach and acknowledged the attackers’ focus on cryptocurrency companies. While the affected clients were not named, cybersecurity firms CrowdStrike Holdings and Mandiant confirmed that the hackers were known for their interest in cryptocurrency-related thefts. Two anonymous sources familiar with the matter confirmed that the targeted clients were cryptocurrency companies.

Expanding Tactics and Attribution:

The attack exemplifies how North Korean cyber operatives have shifted their tactics from individual digital currency heists to larger-scale supply chain attacks. These attacks allow hackers to infiltrate a trusted vendor or service provider like JumpCloud and exploit their connections to compromise multiple downstream targets.

CrowdStrike identified the hacking group responsible as “Labyrinth Chollima,” one of several groups believed to be operating on behalf of North Korea. Mandiant attributed the hackers to North Korea’s Reconnaissance General Bureau (RGB), the country’s primary foreign intelligence agency.

Denial and Escalation:

Despite extensive evidence, including reports from the United Nations, North Korea has consistently denied its involvement in digital currency heists. Nonetheless, cybersecurity experts, including those from SentinelOne, have independently corroborated Mandiant and CrowdStrike’s attribution, highlighting North Korea’s increased cyber capabilities.

Labyrinth Chollima’s Track Record:

The hacking group, Labyrinth Chollima, is renowned for its audacious and disruptive cyber intrusions. Its primary target has been cryptocurrency, and according to blockchain analytics firm Chainalysis, the group has managed to steal an estimated $1.7 billion worth of digital assets across multiple hacks.

Future Projections:

Adam Meyers, Senior Vice President for Intelligence at CrowdStrike, warned against underestimating North Korea’s hacking prowess. He anticipates more supply chain attacks orchestrated by North Korean hacking squads in the future, underscoring the need for heightened vigilance and robust cybersecurity measures among potential targets.

Conclusion:

The recent supply chain attack carried out by North Korean hackers on JumpCloud, an American IT management company, emphasizes the evolving cyber threats the cryptocurrency industry faces.

With hackers employing sophisticated tactics and leveraging trusted service providers, cryptocurrency companies must remain vigilant to safeguard their systems and assets. As cybersecurity experts expect more attacks of this nature, cooperation between private companies, government agencies, and cybersecurity firms is crucial to mitigate such risks effectively.

Arsi Mughal is a staff writer at CTN News, delivering insightful and engaging content on a wide range of topics. With a knack for clear and concise writing, he crafts articles that resonate with readers. Arsi's pieces are well-researched, informative, and presented in a straightforward manner, making complex subjects accessible to a broad audience. His writing style strikes the perfect balance between professionalism and casual approachability, ensuring an enjoyable reading experience.
