Security News > 2023 > July > North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns.
"The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News.
In a related development, CrowdStrike, which is working with JumpCloud to probe the incident, pinned the attack to a North Korean actor known as Labyrinth Chollima, a sub cluster within the infamous Lazarus Group, according to Reuters.
The malicious npm packages, per GitHub, are part of a campaign that first came to light last month, when Phylum detailed a supply chain threat involving a unique execution chain that uses a pair of fraudulent modules to fetch an unknown piece of malware from a remote server.
"The JumpCloud intrusion serves as a clear illustration of their inclination towards supply chain targeting, which yields a multitude of potential subsequent intrusions."
"The DPRK demonstrates a profound understanding of the benefits derived from meticulously selecting high-value targets as a pivot point to conduct supply chain attacks into fruitful networks," Hegel added.
News URL
https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html
Related news
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)