
JumpCloud hack linked to North Korea after OPSEC mistake
2023-07-24 17:12

A hacking unit of North Korea's Reconnaissance General Bureau was linked to the JumpCloud breach after the attackers made an operational security mistake, inadvertently exposing their real-world IP addresses.

While North Korean state hackers are known for using commercial VPN services to mask their IP addresses and actual locations, during the JumpCloud attack, the VPNs they were using failed and exposed their location in Pyongyang while connecting to a victim's network.

Beyond this OPSEC oversight, Mandiant security researchers also found attack infrastructure that overlapped with infrastructure used in earlier intrusions attributed to North Korean hackers, further bolstering the attribution of the breach.

On Thursday, JumpCloud also confirmed that a North Korean APT group was behind the June breach following attribution from security researchers at SentinelOne and CrowdStrike earlier that day.

JumpCloud force-rotated all admin API keys on July 5th, one week after the attackers breached its network via a spear-phishing attack.

JumpCloud breach traced back to North Korean state hackers.


News URL

https://www.bleepingcomputer.com/news/security/jumpcloud-hack-linked-to-north-korea-after-opsec-mistake/