Geopolitics Latest North Korean Hack Targeting Cryptocurrency Shows Troubling Evolution, Experts Say
July 24, 2023
A recent hack linked to North Korea has raised concerns among experts, who warn that North Korean hacking efforts are becoming more streamlined and difficult to defend against. The hack targeted a U.S. enterprise software company and was attributed to a group known as UNC4899, which operates within North Korea’s Reconnaissance General Bureau and focuses on cryptocurrency-related activities.
The North Korean Supply Chain Attack
The hack was carried out by infiltrating JumpCloud, a cloud-based IT management service company based in Colorado, with the goal of accessing crypto-related companies. After JumpCloud confirmed that North Korea was behind the attack, Google’s Mandiant conducted a detailed analysis of the malware used by the hackers. Mandiant believes that this attack is part of a larger effort by North Korean hackers to target cryptocurrency and fintech-related assets.
This attack follows another one in March, where hackers targeted financial trading software X_Trader and used it to compromise 3CX desktop communications software. Mandiant concluded that these operations demonstrate the cascading effects of targeting service providers to compromise downstream victims.
The Streamlining of North Korean Hacking Units
Mandiant’s analysis suggests that various North Korean hacking units, collectively referred to as Lazarus, are increasingly sharing tools and targeting in a more streamlined alignment. These units quickly shift their focus between different activities such as ransomware, weapons and nuclear targeting, and cryptocurrency efforts. This “streamlining” makes it challenging for defenders to track and attribute malicious activities and allows the adversary to operate stealthily and with greater speed.
Improvement in North Korean Operations
Charles Carmakal, Mandiant Consulting CTO at Google Cloud, acknowledges the noticeable improvement in North Korean operations over multiple supply chain attacks. Hackers poison legitimate software, develop and deploy custom malware onto MacOS systems, and aim to compromise companies involved in cryptocurrency. While they have found creative paths to achieve their goals, they have also made mistakes that have helped with attribution.
During the JumpCloud operation, Mandiant discovered that the hackers occasionally experienced failures in their virtual private network services, revealing the IP addresses used during the attack. Additionally, the group reused a domain associated with a previous North Korean cyber activity, providing further confirmation of their ties to the North Korean government.
Ongoing Adaptation by North Korean Hackers
Experts emphasize that North Korean threat actors are continuously evolving and exploring novel methods to infiltrate targeted networks. The JumpCloud hack is seen as evidence of their inclination towards supply chain targeting, where they meticulously select high-value targets as pivot points to conduct successful supply chain attacks.
In conclusion, the recent North Korean hack targeting a U.S. enterprise software company indicates the troubling evolution of North Korean cyber operations. Their focus on cryptocurrency and fintech-related assets, along with the streamlining and sharing of tools among different hacking units, presents a significant challenge for defenders. As North Korean hackers continue to adapt and explore new methods, organizations must enhance their cybersecurity measures, particularly in supply chain security, to mitigate the risk of being compromised.
Sources
RDNE Stock project >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- In the Crosshairs: North Korean Cyberspies Launch Attacks on GitHub Developers
- The Phenomenal Rise of OneTrust: Securing $150 Million in Funding at a Whopping $4.5 Billion Valuation
- The Rise of OneTrust: A $150 Million Investment at a $4.5 Billion Valuation
- Beware: North Korean Hackers Launch Social Engineering Attacks Against Tech Industry Workers
- The Persistent Cyber Threat: Analyzing North Korean Attackers’ Targeting of Crypto Companies
- The Rise of SIM Swapping: Examining the Case of the Los Angeles Guilty Plea
- FBI’s Cynthia Kaiser: Unveiling the War Against Ransomware
- The Expanding Threat: Moveit Hackers Rake in Millions as More Victims Come Forward
- The Undeniable Threat: Chinese Cyberspies Set their Sights on Industrial Organizations in Eastern Europe
