Blog Business Entertainment Environment Health Latest News News Analysis Opinion Science Sports Technology Videos World
North Korean-Affiliated Hacker Group Named in U.S. Tech Company Breach

A security breach at U.S. I.T. management company JumpCloud has been linked to a North Korean-backed hacking group on Thursday, according to a security update on JumpCloud’s blog.


The breach, which JumpCloud believes occurred on June 22, was described as being specifically targeted. The company said less than five of their customers were impacted by the breach.


Cybersecurity company CrowdStrike identified the hackers as Labyrinth Chollima, a subgroup of the Lazarus hacking group. People familiar with the situation told Reuters the companies who were targeted were all cryptocurrency companies.


The FBI has identified Lazarus as a state-sponsored organization. The JumpCloud attack isn’t the first time the group has been involved in the theft of cryptocurrency, with the most recently known large-scale incident being the Horizon Bridge attack in June 2022.


While the Democratic People's Republic of Korea has denied allegations of organizing these digital thefts despite significant evidence of their involvement. A 2022 United Nations report obtained by Reuters claimed the country had set a record for cybertheft last year.


While tracking the exact value of the assets stolen is difficult due to the volatile nature of crypto currency, the U.N. estimated roughly $1.7 billion in assets had been stolen. An independent report from U.S. blockchain analytics firm Chainalysis also reached the same estimate with thefts connected to North Korea accounting for almost half of the $3.8 billion in cryptocurrency theft in 2022.


This number is a substantial increase from previous estimates, as in 2021 the country was believed to be linked to over $400 million in asset theft and their previously believed record being over $500 million in 2018, less than a third of the 2022 estimate. In 2019, U.S. sanction monitors believed the country had raked in nearly $2 billion through the use of cyberattacks in order to fund the country's nuclear weapons program.


The massive increase in theft-generated revenue over the last year can likely be traced to the groups’ use of a tactic called a “supply chain attack,” which targets companies like JumpCloud with access to a larger group of potential victims. In the past, hacking groups were more comfortable attacking individual companies- often through extortion via ransomware and phishing operations.


Lazarus, as well as hacker groups Kimsuky and Andariel, are just some of those believed to be under the control of North Korea’s primary intelligence bureau: the Reconnaissance General Bureau. An asset freeze on the Lazarus Group was proposed in May 2022 but blocked by a veto from China and Russia.


Cyberattacks from North Korea are far from a new phenomenon with Lazurus being one of the most prolific groups, being in operations since at least 2009. Outside of crypto asset theft the group has also been involved in more general espionage, such as being responsible for the infamous Sony hackings in 2014.


Adam Meyers, the senior vice president for intelligence at CrowdStrike, said hacking groups from Pyongyang should not be underestimated and to expect further supply chain attacks before the end of the year.

Share This Post On

Tags: cryptocurrency security theft north korea breach


Leave a comment

You need to login to leave a comment. Log-in is a Global Media House Initiative by Socialnetic Infotainment Private Limited.

TheSocialTalks was founded in 2020 as an alternative to mainstream media which is fraught with misinformation, disinformation and propaganda. We have a strong dedication to publishing authentic news that abides by the principles and ethics of journalism. We are an organisation driven by a passion for truth and justice in society.

Our team of journalists and editors from all over the world work relentlessly to deliver real stories affecting our society. To keep our operations running, We need sponsors and subscribers to our news portal. Kindly sponsor or subscribe to make it possible for us to give free access to our portal and it will help writers and our cause. It will go a long way in running our operations and publishing real news and stories about issues affecting us.

Your contributions help us to expand our organisation, making our news accessible to more everyone and deepening our impact on the media.

Support fearless and fair journalism today.