Security News > 2023 > July > North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

An analysis of the indicators of compromise associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns.

"The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News.

In a related development, CrowdStrike, which is working with JumpCloud to probe the incident, pinned the attack to a North Korean actor known as Labyrinth Chollima, a sub cluster within the infamous Lazarus Group, according to Reuters.

The malicious npm packages, per GitHub, are part of a campaign that first came to light last month, when Phylum detailed a supply chain threat involving a unique execution chain that uses a pair of fraudulent modules to fetch an unknown piece of malware from a remote server.

"The JumpCloud intrusion serves as a clear illustration of their inclination towards supply chain targeting, which yields a multitude of potential subsequent intrusions."

"The DPRK demonstrates a profound understanding of the benefits derived from meticulously selecting high-value targets as a pivot point to conduct supply chain attacks into fruitful networks," Hegel added.

News URL

https://thehackernews.com/2023/07/north-korean-state-sponsored-hackers.html