North Korean hackers change strategy to siphon cryptocurrencies

A group of hackers backed by the North Korean government managed to get into the system of JumpCloud, an American IT management company. They used the latter to target crypto companies with the aim of stealing digital assets. This latest case of hacking, which joins the long list of misdeeds orchestrated by North Korean hackers, has a rather different modus operandi. Should we be concerned? Find out in this article.

A new approach to hacking

According to sources close to the case, North Korean hackers penetrated JumpCloud’s computer systems. The hackers used the opportunity to extract data and target the company’s customers. The aim? It remains the same: to steal cryptos.

Until now, North Korean hackers were content to rob crypto companies one by one. Now, it seems, they’re targeting companies that can give them wider access to potential victims and thus, multiple sources of digital currencies. This is their new modus operandi.

As a company offering products to help network administrators manage devices and servers, JumpCloud was the ideal target. It reported in a blog post that “less than 5 customers” were targeted by the hackers. This figure suggests that the attack was more of an experiment in preparation for larger maneuvers.

Labyrinth Chollima, the group presumed responsible for the attack

In the blog post published about the hack, JumpCloud traced the intrusion back to June 27, without naming those responsible. However, the investigation conducted by cybersecurity firm CrowdStrike Holdings points to the Labyrinth Chollima group as the perpetrator of the attack.

Labyrinth Chollima is one of the most active hacking groups in North Korea. It is believed to work for the General Reconnaissance Bureau (RGB), North Korea’s main foreign intelligence agency. As such, this group is said to be responsible for some of the most daring and disruptive cyber intrusions to come out of this isolated country.

Like Labyrinth Chollima, many hacker groups are said to be on Pyongyang’s payroll, seeking to “generate revenue for the regime”. Blockchain analysis company Chainalysis reported that last year, the total amount stolen by these groups was estimated at around $1.7 billion in digital money.

North Korea steps up its game

True to its strategy, Pyongyang’s mission to the United Nations in New York refrained from commenting on the news. It has to be said that, until now, North Korea has always denied organizing digital cryptocurrency thefts, despite the overwhelming evidence gathered against it.

Meanwhile, North Korean cyberattacks are becoming more effective and far-reaching. As cybersecurity researcher Tom Hegel told Reuters, North Korea is really stepping up its game. Its hackers have become adept at “supply chain attacks”.

So they’re organizing elaborate hacks that work by compromising software or service providers in order to steal data – or money – from downstream users. There’s every reason to believe that this won’t be the last time we see attacks on the supply chain.

All in all, the hacking of US IT company JumpCloud poses a new threat to the crypto industry. It also reopens the debate on the evolution of North Korea’s nuclear program and its impact on the rest of the world.