
North Korean Hackers Breach JumpCloud, Signaling a Change in Crypto-Heist Strategy

Source: blockchain.news

According to Reuters, JumpCloud, an American IT management company based in Louisville, Colorado, confirmed that its systems were breached at the end of June 2023 by a hacking group backed by the North Korean government. The hackers targeted JumpCloud's cryptocurrency company clients, marking a strategic shift in their operations.

JumpCloud, an identity and access management company, is the preferred choice of many crypto projects for infrastructure services. For example, Chiliz, a leading player in the crypto industry, chose JumpCloud as a mobile device management solution for its rapidly growing global team. The company serves more than 180,000 organizations and more than 5,000 paying customers.

Previously, North Korean cyberspies targeted individual crypto companies. However, this recent attack signals a shift in their focus, now targeting companies that can provide access to multiple sources of digital currencies. The exact number of companies affected remains unspecified.

JumpCloud acknowledged the breach in a blog post, attributing the attack to a “sophisticated nation-state sponsored threat actor” but did not disclose specific details about the perpetrator or affected customers.

Cybersecurity firm CrowdStrike Holdings confirmed that “Labyrinth Chollima”, a notorious North Korean hacker squad, was behind the breach. Adam Meyers, the company’s senior vice president of intelligence, noted that these hackers have a history of targeting cryptocurrency entities.

The JumpCloud intrusion is part of a series of recent breaches that demonstrate North Korea's proficiency in "supply chain attacks," according to an independent investigation by cybersecurity researcher Tom Hegel. Although North Korea denies staging digital currency thefts, substantial evidence, including UN reports, contradicts these claims.

JumpCloud’s Chief Information Security Officer (CISO), Bob Phan, reported that the first detected anomalous activity occurred on June 27, 2023 and can be traced back to a phishing campaign initiated by the threat actor on June 22, 2023.

By July 5, 2023, JumpCloud discovered unusual activity in its command framework for a small group of customers, resulting in the reset of all management API keys and notification of affected customers.

In response to the attack, JumpCloud has pledged to improve its security measures to protect its customers from future threats. The company will continue to work closely with government and industry partners to share information related to this threat.

The attack vector used by the anonymous state-backed hackers has been mitigated, and law enforcement has been notified of the attack.
