Cybersecurity firm CrowdStrike officially attributed the attack to Labyrinth Chollima (whose activity overlaps with that of Lazarus Group, ZINC and Black Artemis), based on evidence obtained while investigating the attack in collaboration with JumpCloud.
"One of their primary goals is to generate revenue for the regime. I don't think this is the last we'll see of North Korean supply chain attacks this year," Adam Meyers, vice president of CrowdStrike Intelligence, told Reuters.
Mandiant also pinned the attack on a North Korean threat actor known for targeting cryptocurrency firms.
"Mandiant anticipates with high confidence that this is a cryptocurrency-focused element within the DPRK's Reconnaissance General Bureau (RGB), targeting companies in the cryptocurrency vertical to obtain evidence and intelligence data," said Austin Larsen, senior incident response consultant.