North Korean hackers exploit cloud sharing platform to target their Crypto clients

According to media reports, North Korean state hackers have again targeted crypto firms. In a recent revelation, the hackers have exploited a cloud services provider called JumpCloud to steal funds from crypto companies that use its services.

Reportedly, Reuters' confidential sources indicate that the North Korean state-backed hackers had a significant focus on cryptocurrency companies. However, the report did not disclose the names of the impacted companies or the exact quantity of cryptocurrency purportedly stolen.

Sources reveal that CrowdStrike, a cybersecurity firm that is working with JumpCloud to probe the incident, attributed the attack to a group known as Labyrinth Chollima. Although the CrowdStrike representative did not confirm whether any cryptocurrency was stolen, he noted the group’s history of targeting cryptocurrency companies.

In an update on the incident on Thursday, JumpCloud explicitly named North Korea as the perpetrator of the attack. It also disclosed that fewer than five of the company’s 200,000 corporate clients, and fewer than 10 devices, were affected.

However, this is not the first time JumpCloud has suffered such an exploit. Previously, the company described a spear-phishing campaign conducted by a “sophisticated nation-state sponsored threat actor.” The company said that the attack began on June 22 and that it detected those activities on June 27.

According to JumpCloud’s investigation, it did not find any indication that customers were affected at that time. Nevertheless, the company updated credentials and took extra steps to preserve security; it also contacted law enforcement.

However, on July 5, the company found additional activity that impacted its customers, who were then informed of the situation. In its press release, JumpCloud called the attackers “sophisticated and persistent adversaries with advanced capabilities” and said the best defense involves sharing information. It added that the attack vector involved data injection into its commands framework.

Notably, the attack was found to be highly targeted and specific to certain customers. The attack produced a list of IOCs (Indicators of Compromise), which JumpCloud has shared.

While an attack on a cloud services platform to gain access to its crypto clients isn’t a sought-after practice, it is not the first time North Korean hackers have been involved in such an activity. North Korean attackers have been involved in other crypto attacks, including those against Axie Infinity and Horizon Bridge.

As reported by Todayq News, North Korea’s notorious Lazarus Group was also suspected of being behind the attack on Euler Finance, a decentralized finance (DeFi) platform on the Polygon network. In total, Chainalysis suggests that North Korean groups stole $1.7 billion of the $3.8 billion in broader crypto thefts in 2022.

The United Nations (UN) has also raised an alarm over North Korea’s involvement in increasing crimes in the crypto sector. In its report, the UN also urges its member countries to adopt efficient regulatory guidelines to prevent money laundering.

© Todayq News
