North Korean hackers exploited shared cloud service to rob crypto firms

North Korean state hackers exploited a cloud service provider called JumpCloud to steal funds from cryptocurrency companies that use the service, Reuters reported on July 20th.

A confidential Reuters source indicates that the North Korean state-sponsored hackers were particularly focused on cryptocurrency companies. However, the report did not disclose the names of the affected companies or the exact amount of cryptocurrency that was allegedly stolen.

CrowdStrike, a cybersecurity firm working with JumpCloud to investigate the incident, has attributed the attack to a group known as Labyrinth Chollima. A representative for CrowdStrike did not confirm whether any cryptocurrencies were stolen, but noted the group’s history of targeting cryptocurrency companies.

In its July 20th update, JumpCloud said North Korea was behind the attack and that fewer than 5 of its 200,000 customers and fewer than 10 devices were affected.

The company previously described a spear-phishing campaign carried out by “sophisticated state-sponsored attackers.” The company said the attack began on June 22nd and that it detected the activity on June 27th.

JumpCloud said it found no indication at the time that customers were affected. Nonetheless, the company updated its credentials and took additional steps to maintain security. It also contacted law enforcement. However, on July 5, the company discovered additional activity impacting customers, and customers were informed of the situation.

JumpCloud Claims Attackers Are Sophisticated

JumpCloud called the attackers “a highly capable, sophisticated and relentless adversary” and said the best defense requires information sharing.

According to JumpCloud, the attack vector involved injecting data into the command framework. The attack was found to be highly targeted and limited to specific customers. JumpCloud has shared a list of IOCs (indicators of compromise) from the attack.

North Korean actors have also been implicated in other crypto attacks, including attacks against Axie Infinity and Horizon Bridge. Chainalysis estimates that North Korean groups stole $1.7 billion in 2022, while crypto theft overall reached $3.8 billion.

An article about North Korean hackers abusing a shared cloud service to rob a cryptocurrency company first appeared on CryptoSlate.
