Security News > 2023 > July > North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns.
"The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News.
In a related development, CrowdStrike, which is working with JumpCloud to probe the incident, pinned the attack to a North Korean actor known as Labyrinth Chollima, a sub cluster within the infamous Lazarus Group, according to Reuters.
The malicious npm packages, per GitHub, are part of a campaign that first came to light last month, when Phylum detailed a supply chain threat involving a unique execution chain that uses a pair of fraudulent modules to fetch an unknown piece of malware from a remote server.
"The JumpCloud intrusion serves as a clear illustration of their inclination towards supply chain targeting, which yields a multitude of potential subsequent intrusions."
"The DPRK demonstrates a profound understanding of the benefits derived from meticulously selecting high-value targets as a pivot point to conduct supply chain attacks into fruitful networks," Hegel added.
News URL
https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- North Korean hackers pave the way for Play ransomware (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)