North Korean hackers change strategy to siphon cryptocurrencies

Mon 24 Jul 2023 ▪ 4 min read ▪ by Luc Jose A.

A group of hackers backed by the North Korean government managed to get into the systems of JumpCloud, an American IT management company. They used that access to target crypto companies with the aim of stealing digital assets. This latest case of hacking, which joins the long list of misdeeds orchestrated by North Korean hackers, has a rather different modus operandi. Should we be concerned? Find out in this article.

A new approach to hacking

According to sources close to the case, North Korean hackers penetrated JumpCloud’s computer systems. The hackers used the opportunity to extract data and target the company’s customers. The aim? It remains the same: to steal cryptos.

Until now, North Korean hackers were content to rob crypto companies one by one. Now, it seems, they’re targeting companies that can give them wider access to potential victims and thus to multiple sources of digital currencies. This is their new modus operandi.

As a company offering products to help network administrators manage devices and servers, JumpCloud was the ideal target. It reported in a blog post that “less than 5 customers” were targeted by the hackers. This figure suggests that the attack was more of an experiment in preparation for larger maneuvers.

Labyrinth Chollima, the group presumed responsible for the attack

In the blog post published about the hack, JumpCloud traced the intrusion back to June 27, without naming those responsible. However, the investigation conducted by cybersecurity firm CrowdStrike Holdings points to the Labyrinth Chollima group as the perpetrator of the attack.

Labyrinth Chollima is one of the most active hacking groups in North Korea. It is believed to work for the General Reconnaissance Bureau (RGB), North Korea’s main foreign intelligence agency. As such, this group is said to be responsible for some of the most daring and disruptive cyber intrusions to come out of this isolated country.

Like Labyrinth Chollima, many hacker groups are said to be on Pyongyang’s payroll, seeking to “generate revenue for the regime”. Blockchain analysis company Chainalysis reported that last year, the total amount stolen by these groups was estimated at around $1.7 billion in digital money.

North Korea steps up its game

True to its strategy, Pyongyang’s mission to the United Nations in New York refrained from commenting on the news. It has to be said that, until now, North Korea has always denied organizing cryptocurrency thefts, despite the overwhelming evidence gathered against it.

Meanwhile, North Korean cyberattacks are becoming more effective and far-reaching. As cybersecurity researcher Tom Hegel told Reuters, North Korea is really stepping up its game. Its hackers have become adept at “supply chain attacks”.

These are elaborate hacks that work by compromising software or service providers in order to steal data – or money – from downstream users. There’s every reason to believe that this won’t be the last supply chain attack we see.

All in all, the hacking of US IT company JumpCloud poses a new threat to the crypto industry. It also reopens the debate on the evolution of North Korea’s nuclear program and its impact on the rest of the world.

Luc Jose A.

A graduate of Sciences Po Toulouse and holder of a blockchain consultant certification issued by Alyra, I joined the Cointribune adventure in 2019. Convinced of blockchain's potential to transform many sectors of the economy, I have committed to raising awareness and informing the general public about this constantly evolving ecosystem. My goal is to enable everyone to better understand blockchain and to seize the opportunities it offers. I strive every day to provide an objective analysis of the news, to decode market trends, to relay the latest technological innovations and to put into perspective the economic and societal stakes of this ongoing revolution.


The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.