Recent reports have revealed that North Korean state-sponsored hackers, known for their cybercriminal activities and involvement in cryptocurrency heists, were behind a breach of the software business JumpCloud. The attack was part of an attempted supply-chain intrusion aimed at cryptocurrency companies.
The JumpCloud Breach and Attribution
JumpCloud, a US-based enterprise software company, recently disclosed that a sophisticated nation-state-sponsored threat actor had targeted it in June. The hacker group, identified as the Lazarus Group by cybersecurity firms SentinelOne and CrowdStrike, gained access to JumpCloud’s systems through a spear-phishing attack.
Attributing the breach to North Korean hackers, SentinelOne Senior Threat Researcher Tom Hegel pointed out that the indicators of compromise (IOCs) shared by JumpCloud matched the known activity of a North Korean state-sponsored Advanced Persistent Threat (APT). CrowdStrike also formally linked the breach to Labyrinth Chollima, a group with overlapping activities with Lazarus Group, ZINC, and Black Artemis.
The Lazarus Group’s Motive and History
The Lazarus Group, also known as the Lazarus APT or Hidden Cobra, has been active for over a decade, dating back to at least 2009. The group is notorious for conducting high-profile attacks against various targets, including banks, government agencies, media organizations, and cryptocurrency companies.
North Korea’s state-sponsored hacking groups have been accused of stealing billions of dollars from victims worldwide to fund the country’s nuclear missile program. The stolen funds are often derived from global cyber attacks on financial institutions and cryptocurrency exchanges.
The Rise of Supply-Chain Attacks
The JumpCloud breach is part of a broader trend in the cybersecurity landscape, where hackers are increasingly targeting the supply chain of software companies. This approach allows threat actors to compromise multiple organizations through a single entry point, leading to cascading attacks with potentially severe consequences.
The 2020 SolarWinds attack was a prime example of the devastating impact supply-chain intrusions can have. Suspected Chinese hackers exploited a vulnerability in a third-party system used by Microsoft customers, leading to data breaches at various organizations, including the U.S. government.
Concerns and Responses
Security experts warn that North Korean threat actors continuously adapt and devise novel methods to infiltrate targeted networks. The JumpCloud breach highlights their inclination towards supply chain targeting, providing many opportunities for subsequent intrusions.
The JumpCloud breach, orchestrated by North Korean state-sponsored hackers, is a stark reminder of the evolving cyber threat landscape and the importance of robust cybersecurity measures. The incident underscores the need for international cooperation to combat cybercrime and hold threat actors accountable for their actions.
