Hackers infiltrate JumpCloud, targeting cryptocurrency firms

In a brazen cyber attack that has left the cryptocurrency industry on high alert, a North Korean government-backed hacking group breached a prominent American IT management firm and leveraged its access to target various cryptocurrency companies, a Reuters news report said.
The hacking occurred in late June when the notorious hackers infiltrated Louisville-based JumpCloud, a company that provides IT services.

Using JumpCloud’s compromised systems as a springboard, the hackers set their sights on cryptocurrency firms, seeking to pilfer digital cash from unsuspecting victims. The attack represents a significant escalation in North Korea’s cyber espionage tactics, as they now target companies that can grant them access to multiple sources of bitcoin and other digital currencies.

JumpCloud confirmed the hack in a recent blog post, attributing it to a sophisticated nation-state sponsored threat actor. However, the company did not reveal the specific party behind the cyber attack or disclose which clients were impacted. The extent of any digital currency theft resulting from the breach remains uncertain.

CrowdStrike Holdings, a leading cybersecurity firm, is collaborating with JumpCloud to investigate the breach. They have identified Labyrinth Chollima, a notorious North Korean hacker group, as the culprit behind the attack. CrowdStrike’s Senior Vice President for Intelligence, Adam Meyers, noted that the group has a track record of targeting cryptocurrency entities, likely to generate revenue for the North Korean regime.

North Korea’s mission to the United Nations in New York has not responded to requests for comment. The country has previously denied any involvement in digital currency heists, despite compelling evidence, including reports from the United Nations.

Independent research supports CrowdStrike’s allegation, as cybersecurity researcher Tom Hegel confirmed that the digital indicators left behind by the hackers pointed to previous North Korean activity.

This incident showcases the increasing sophistication of North Korean hackers, who have adopted supply chain attacks as part of their modus operandi. These elaborate hacks focus on compromising software or service providers to access and steal data or money from downstream users. Experts have noted that the recent attack on JumpCloud marks a significant rise in the group’s cyber capabilities.

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) declined to comment on the ongoing investigation.

The hack on JumpCloud has raised concerns in the cryptocurrency community, highlighting the need for enhanced security measures and vigilance against cyber threats. North Korea’s hacking endeavors have previously resulted in staggering losses, with estimates indicating that North Korean-linked groups have stolen approximately $1.7 billion worth of digital cash through various hacks, as reported by blockchain analytics firm Chainalysis last year.
