Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



JumpCloud intrusion - Attacker infrastructure links compromise to North Korean APT activity

July 2023 by SentinelLabs

In recent news, the cloud-based IT management service JumpCloud publicly shared details gathered from the investigation into an intrusion on their network. Having reviewed the newly released indicators of compromise, SentinelLabs associated the cluster of threat activity to a North Korean state sponsored APT.

The indicators of compromise (IOCs) are linked to a wide variety of activity SentinelLabs attributed to the Democratic People’s Republic of Korea (DPRK), overall centric to the supply chain targeting approach seen in previous campaigns.

Additionally, based on the IOCs shared by JumpCloud, SentinelLabs were able to analyse the threat actor’s infrastructure and, by mapping it out, they showed the links between the diverse set of IP addresses and pick up various patterns.

SentinelLabs have shared their analysis in this report published today.


It is evident that North Korean threat actors are continuously adapting and exploring novel methods to infiltrate targeted networks. The JumpCloud intrusion serves as a clear illustration of their inclination towards supply chain targeting, which yields a multitude of potential subsequent intrusions. The DPRK demonstrates a profound understanding of the benefits derived from meticulously selecting high-value targets as a pivot point to conduct supply chain attacks into fruitful networks.

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts