Languagesx
English Deutsch
Subscribe
Home North Korean Hackers Are Targeting Your Cryptocurrency

North Korean Hackers Are Targeting Your Cryptocurrency

North Korean flag

In a recent cybersecurity breach, North Korea-backed hackers targeted cryptocurrency clients by infiltrating the systems of JumpCloud, a prominent U.S. enterprise software company. The breach, attributed to a sub-group of the notorious Lazarus hacking group called Labyrinth Chollima, highlights the persistent threat posed by state-sponsored cyber attacks. This article explores the details of the breach, the motivations behind North Korea’s hacking activities, and the implications for the cryptocurrency industry.

JumpCloud, a directory platform that provides authentication, authorization, and user/device management solutions for enterprises, confirmed that it experienced a breach in June. The company detected the intrusion and promptly initiated its incident response plan to mitigate the threat, secure its network, communicate with customers, and engage law enforcement. Although JumpCloud did not explicitly identify the nation behind the attack, cybersecurity researchers from Crowdstrike and SentinelOne have attributed it to North Korea-backed hackers.

Lazarus, the hacking group believed to be responsible for the JumpCloud breach, has a long history of targeting the cryptocurrency sector. This state-sponsored group has been actively tracked by cybersecurity companies since 2009 and is known for its association with North Korea’s sanctioned nuclear weapons program. Lazarus has previously targeted prominent crypto entities such as the Ronin Network and Harmony’s Horizon Bridge.

Both Crowdstrike and SentinelOne researchers have independently linked the JumpCloud breach to Lazarus. Adam Meyers, the Senior Vice President for Intelligence at Crowdstrike, stated that the group responsible for the attack is one of the most prolific adversaries associated with North Korea. Similarly, Tom Hegel, a researcher from SentinelOne, confirmed that indicators of compromise (IOCs) shared by JumpCloud are linked to a range of activities attributed to the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea.

In addition to the JumpCloud breach, North Korean hackers may also be behind a recent social engineering campaign targeting GitHub customers. GitHub, a popular platform for software development collaboration, revealed that the campaign aimed at the personal accounts of employees from technology firms associated with the blockchain, cryptocurrency, and online gambling sectors. The attack was attributed to a group operating in support of North Korean objectives, commonly tracked as TraderTraitor by the Cybersecurity and Infrastructure Security Agency (CISA).

North Korea has a history of utilizing crypto-stealing operations to finance its sanctioned nuclear weapons program. The country’s army of illicit IT workers fraudulently gain employment worldwide, generating funds to support the regime’s weapons of mass destruction programs. To counter these activities, the U.S. government has imposed sanctions on North Korea’s illicit IT workforce and is offering rewards for information that can disrupt North Korean hackers.

The JumpCloud breach impacted a small and specific set of customers, given that the company’s software is used by over 180,000 organizations and boasts more than 5,000 paying customers. While the exact details of the breach’s impact on these customers remain undisclosed, JumpCloud responded swiftly to the incident, resetting affected customers’ API keys and implementing necessary measures to secure their network and perimeter.

The targeted attacks on cryptocurrency-related entities highlight the vulnerabilities within the industry. As cryptocurrencies continue to gain popularity and value, they become attractive targets for state-sponsored hacking groups seeking financial gain or funding for illicit activities. The industry must remain vigilant and implement robust security measures to safeguard digital assets and protect users’ sensitive information.

The JumpCloud breach serves as a reminder that all organizations, regardless of their size or industry, must prioritize cybersecurity. State-sponsored hacking groups, like Lazarus, possess advanced capabilities and constantly evolve their attack techniques. It is crucial for enterprises to invest in comprehensive cybersecurity measures, including employee training, threat intelligence, vulnerability assessments, and incident response plans.

In summary, the North Korea-backed hacking incident targeting JumpCloud and subsequent attacks on cryptocurrency-related entities demonstrate the ongoing threat posed by state-sponsored cybercriminals. Lazarus, a well-known hacking group associated with North Korea, has a history of targeting the cryptocurrency sector to finance the country’s nuclear weapons program. The cryptocurrency industry must remain vigilant and adopt robust security measures to mitigate the risk of such attacks. Furthermore, all organizations should prioritize cybersecurity to protect their assets and sensitive information from state-sponsored hacking groups.

First reported on Reuters

Frequently Asked Questions

Q. What is the recent cybersecurity breach involving JumpCloud?

In a recent cybersecurity breach, North Korea-backed hackers targeted JumpCloud, a prominent U.S. enterprise software company. JumpCloud provides authentication, authorization, and user/device management solutions for enterprises. The breach involved infiltrating JumpCloud’s systems and was attributed to a sub-group of the Lazarus hacking group known as Labyrinth Chollima.

Q. What is Lazarus, and what is its history with cryptocurrency-related attacks?

Lazarus is a hacking group associated with North Korea that has been actively tracked by cybersecurity companies since 2009. The group is notorious for its association with North Korea’s sanctioned nuclear weapons program. Lazarus has a history of targeting the cryptocurrency sector to finance illicit activities and has been linked to previous attacks on crypto entities such as the Ronin Network and Harmony’s Horizon Bridge.

Q. How did researchers link the JumpCloud breach to North Korea-backed hackers?

Researchers from Crowdstrike and SentinelOne independently linked the JumpCloud breach to Lazarus, a North Korea-backed hacking group. Adam Meyers from Crowdstrike stated that the group responsible for the attack is one of the most prolific adversaries associated with North Korea. Tom Hegel from SentinelOne confirmed that indicators of compromise (IOCs) shared by JumpCloud are linked to a range of activities attributed to North Korea.

Q. What is the motivation behind North Korea’s hacking activities in the cryptocurrency sector?

North Korea has utilized crypto-stealing operations to finance its sanctioned nuclear weapons program. The country’s illicit IT workers fraudulently gain employment worldwide to generate funds for supporting the regime’s weapons of mass destruction programs. The cryptocurrency industry’s growing popularity and value make it an attractive target for state-sponsored hacking groups seeking financial gain or funding for illicit activities.

Q. How did the JumpCloud breach impact its customers?

While specific details of the breach’s impact on JumpCloud customers remain undisclosed, the company responded swiftly by resetting affected customers’ API keys and implementing necessary measures to secure their network and perimeter. The breach reportedly affected a small and specific set of customers, considering that JumpCloud’s software is used by over 180,000 organizations and has more than 5,000 paying customers.

Q. What can the cryptocurrency industry do to protect against such attacks?

The cryptocurrency industry must remain vigilant and implement robust security measures to safeguard digital assets and protect users’ sensitive information. This includes investing in comprehensive cybersecurity measures, such as employee training, threat intelligence, vulnerability assessments, and incident response plans.

Q. How can organizations protect themselves from state-sponsored hacking groups like Lazarus?

All organizations, regardless of size or industry, must prioritize cybersecurity to protect their assets and sensitive information from state-sponsored hacking groups. This includes adopting robust security measures, investing in employee training, and staying updated on the latest cybersecurity threats and attack techniques.

Q. What are the broader implications of state-sponsored cyber attacks like the one on JumpCloud?

State-sponsored cyber attacks pose a persistent threat to various industries and organizations worldwide. The JumpCloud incident highlights the need for enterprises to take proactive measures to protect against such attacks. It also underscores the importance of collaboration between the private sector and governments in countering state-sponsored cyber threats.

Featured Image Credit: Unsplash

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags
John Boitnott
Tech journalist

John Boitnott was a writer at ReadWrite. Boitnott has worked at TV, print, radio and Internet companies for 25 years. He's an advisor at StartupGrind and has written for BusinessInsider, Fortune, NBC, Fast Company, Inc., Entrepreneur and Venturebeat. You can see his latest work on his blog, John Boitnott

Related News

Hackers 'steal Ready or Not developer's source code'. A hooded figure in green digital camouflage, symbolizing a hacker, holds a rifle against a backdrop of binary code.
Hackers ‘steal Ready or Not developer’s source code’
Suswati Basu
AI-inspired image of a team of Chinese hackers in a control room with the flag of China on the wall
Chinese hackers increasingly using AI to interfere in elections – report
Graeme Hanna
Man sat in bedroom on his computer at his desk
‘Millions of Americans affected by Chinese hacking plot’
Sophie Atkinson
Microsoft small-scall atomic reactors
Microsoft details update on Russian-sponsored “ongoing attack”
Graeme Hanna
An image of the Epic Games logo
Epic Games hack update – Epic has no evidence that hack is not a hoax
Paul McNally

Most Popular Tech Stories

Latest News

The Xbox Series X|S dashboard with AirPods
Gaming

How to connect AirPods to Xbox consoles
Jacob Woodward16 hours

If you’re a hardcore gamer, you’re likely using the top of the line headsets to hear every single footstep possible. However, if you’re a more casual player, maybe someone who...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.