The North Korean hackers known as “Labyrinth Chollima” have launched a targeted cyberattack on cryptocurrency companies through a cloud services provider called JumpCloud, as reported by Reuters on July 20. The hackers aimed to steal funds from these crypto firms, leveraging a sophisticated approach to infiltrate their systems.
According to reports, the North Korean hackers had their sights set on cryptocurrency firms using JumpCloud’s services. However, the report refrained from revealing the names of the affected companies or the exact amount of digital assets stolen.
Cybersecurity Firm Points Finger at Labyrinth Chollima
Crowdstrike, a cybersecurity firm working with Louisville, Colorado-based JumpCloud on the investigation, attributed the attack to the Labyrinth Chollima hacking group. Although Crowdstrike did not confirm whether any cryptocurrency was stolen, it noted the group’s history of targeting cryptocurrency companies.
On July 20, JumpCloud disclosed that North Korea was behind the attack and clarified that only a handful of its 200,000 corporate clients and fewer than 5 devices were affected. The attack, initially detected on June 27, was attributed to a “sophisticated nation-state sponsored threat actor” engaged in a spear-phishing campaign.
JumpCloud described the attackers as highly advanced and persistent adversaries with sophisticated capabilities. They injected data into JumpCloud’s command framework, resulting in a highly targeted attack on specific customers.
North Korean Hackers and Their Growing Crypto Attacks
This incident is not the first time North Korean hackers have targeted the cryptocurrency sector. They have previously been involved in attacks on crypto platforms like Axie Infinity and Harmony Bridge. According to Chainalysis estimates, North Korean groups managed to steal $1.7 billion out of $3.8 billion in overall crypto thefts in 2022.
This incident highlights the growing threat of supply chain attacks, where hackers breach a trusted third-party service provider like JumpCloud to gain access to multiple downstream targets.
JumpCloud says it remains committed to investigating the incident in collaboration with U.S. federal law enforcement and Crowdstrike. The company emphasizes that it will keep implementing top-notch security measures and maintaining open communication with affected customers and the industry as a whole.
Cryptocurrency firms and industry participants are urged to remain vigilant, enhance security protocols, and engage in information sharing to protect against future threats from sophisticated adversaries like the Labyrinth Chollima group and other North Korean state-sponsored hackers.