JumpCloud breach traced back to North Korean state hackers (Security News, July 2023)

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike.
In a report published on Thursday, SentinelOne Senior Threat Researcher Tom Hegel linked the North Korean threat group to the JumpCloud hack based on multiple indicators of compromise shared by the company in a recent incident report.
"Reviewing the newly released indicators of compromise, we associate the cluster of threat activity to a North Korean state-sponsored APT," said Hegel.
Cybersecurity firm CrowdStrike also formally tagged Labyrinth Chollima as the particular North Korean hacking squad behind the breach based on evidence found while investigating the attack in collaboration with JumpCloud.
As of now, JumpCloud has not disclosed the number of customers impacted by the attack and has not attributed the APT group behind the breach to a specific state.
JumpCloud discloses breach by state-backed APT hacking group.