The group sent JumpCloud customers an email asking them to change their credentials as part of an “ongoing incident.”
North Korean Hackers Stepping up Their Game
Colorado-based JumpCloud acknowledged the Labyrinth breach last week, tracing it back to June 27. It is working with cybersecurity firm CrowdStrike Holdings to uncover details of the hack.
So far, there have been no confirmations of actual crypto theft.
Security experts say these kinds of attacks targeting multiple companies are a new phenomenon. Previously, hackers from Pyongyang were satisfied targeting one company at a time.
Tom Hegel, a cybersecurity researcher unrelated to the investigation, said of the breach,
“North Korea in my opinion is really stepping up their game.”
On Wednesday, France’s Autorité des marchés financiers (AMF) approved Société Générale’s digital asset provider license. France’s finance watchdog requires digital asset service providers to have insurance for customer deposits or a certain percentage of capital to qualify for a license.
Labyrinth Hack May be Part of Government Plan to Fight Sanctions
Several countries and international bodies have sanctioned North Korea for its nuclear weapons program. Investigators commenting on the recent JumpCloud attack argue much of the attacks coming from North Korea steals money to fund government initiatives.
Following a temporary respite in nuclear testing brought about by the Clinton Administration’s Agreed Framework, the nation resumed nuclear testing in 2006. After that, international sanctions expanded to include financial assets and bank transactions.
Blockchain security firm Chainalysis confirmed last year that hacking groups linked to Pyongyang stole about $1.7 billion in digital cash in 2022.
North Korean Hackers Stole $1.65 Billion in Crypto in 2022 | Source: Chainalysis
While the flow of crypto funds to illicit or risky addresses fell in H1 2023, ransomware and impersonation scams grew.