Security News > 2023 > July > JumpCloud hack linked to North Korea after OPSEC mistake
A hacking unit of North Korea's Reconnaissance General Bureau was linked to the JumpCloud breach after the attackers made an operational security mistake, inadvertently exposing their real-world IP addresses.
While North Korean state hackers are known for using commercial VPN services to mask their IP addresses and actual locations, during the JumpCloud attack, the VPNs they were using failed and exposed their location in Pyongyang while connecting to a victim's network.
Apart from this OPSEC oversight, Mandiant security researchers also found attack infrastructure overlapping with previously associated hacks linked to North Korean hackers, further bolstering the attribution of the breach to North Korean hackers.
On Thursday, JumpCloud also confirmed that a North Korean APT group was behind the June breach following attribution from security researchers at SentinelOne and CrowdStrike earlier that day.
JumpCloud force-rotated all admin API keys on July 5th, one week after the hacker breached its network via a spear-phishing attack.
JumpCloud breach traced back to North Korean state hackers.
News URL
Related news
- US govt says North Korea stole over $659 million in crypto last year (source)
- Crypto klepto North Korea stole $659M over just 5 heists last year (source)
- I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice (source)
- North Korea targets crypto developers via NPM supply chain attack (source)