North Korean Hackers Change Strategies to Siphon Cryptos

A group of hackers backed by the North Korean government has managed to break into the systems of JumpCloud, an American IT management company. The group used that access to target crypto companies in an attempt to steal digital assets. This new case of hacking, which joins the long list of misdeeds orchestrated by North Korean hackers, has a rather different modus operandi. Should we be worried about it? The answer is in this article.

A new approach to hacking

According to sources familiar with the matter, North Korean hackers penetrated JumpCloud’s computer systems. They took advantage of this access to extract data and target the company’s customers. The goal? It remains the same: stealing cryptos.

Until now, North Korean hackers have been content to rob crypto companies one by one. It seems that they are now going after companies that can give them wider access to potential victims, and therefore to multiple sources of digital currencies. This is their new modus operandi.

As a company offering products that help network administrators manage devices and servers, JumpCloud was the perfect target. The company indicated in a blog post that “less than 5 customers” were targeted by the hackers. This figure suggests that the attack was more of an experiment ahead of larger maneuvers.

Labyrinth Chollima, the group allegedly responsible for this attack

In the blog post published about the hack, JumpCloud traced the intrusion back to June 27, without naming those responsible. However, the investigation carried out by the cybersecurity company CrowdStrike Holdings points to the Labyrinth Chollima group as the perpetrator of this attack.

Labyrinth Chollima is one of the most active hacking groups in North Korea. It reportedly works for the Reconnaissance General Bureau (RGB), North Korea’s main foreign intelligence agency. The group is believed to be responsible for some of the boldest and most disruptive cyber intrusions to come from this isolated country.

Like Labyrinth Chollima, many hacker groups are reportedly in the pay of Pyongyang and seek to “generate revenue for the regime”. Blockchain analytics firm Chainalysis said that last year the total amount stolen by these groups was estimated at around $1.7 billion in digital money.

North Korea steps up its game

True to its strategy, Pyongyang’s mission to the United Nations in New York refrained from commenting on the news. It must be said that until now, North Korea has always denied having organized cryptocurrency thefts, despite the overwhelming evidence gathered against it.

Meanwhile, North Korean computer attacks are gaining in efficiency and scope. As cybersecurity researcher Tom Hegel told Reuters, North Korea is really stepping up its game. Its hackers have become adept at “supply chain attacks.”

Such attacks are elaborate hacks that work by compromising software or service providers in order to steal data – or money – from downstream users. Everything therefore suggests that this is not the last time we will see attacks against the supply chain.

In sum, the hack of the American computer company JumpCloud poses a new threat to the crypto industry. It also revives the debate on the evolution of the North Korean nuclear program and its impact on the rest of the world.
