A North Korean government-backed hacking group broke into a US IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.
Hackers broke into Louisville, Colorado-based JumpCloud in late June and targeted its cryptocurrency-firm customers, using their access to the company’s systems in an attempt to steal digital cash, the sources said.
The hack shows how North Korean cyber spies, who were once content with going after crypto companies directly, are now targeting companies that could give them access to multiple sources of bitcoin and other digital currencies.
JumpCloud, which acknowledged the hack in a blog post last week and blamed “sophisticated nation-state sponsored threat actors” for it, did not respond to Reuters questions on who specifically was behind the hack and which customers were affected. Reuters could not ascertain whether any digital currency was ultimately stolen as a result of the hack.
Cyber security firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that Labyrinth Chollima — the name it gives to a specialized squad of North Korean hackers — was behind the breach.
Adam Meyers, CrowdStrike’s senior vice president of intelligence, declined to comment on what the hackers were looking for, but said they have a history of targeting cryptocurrency targets.
“One of their primary objectives is to generate revenue for the regime,” he added.
Pyongyang’s mission to the United Nations in New York did not immediately respond to a request for comment. North Korea has previously denied organizing digital currency heists, despite overwhelming evidence to the contrary, including reports from the United Nations.
Independent research supported CrowdStrike’s allegation.
Cybersecurity researcher Tom Hegel, who was not involved in the investigation, told Reuters the JumpCloud intrusion was the latest of several recent breaches showing how the North Koreans have become adept at “supply chain attacks”, elaborate hacks that work by compromising software or service providers in order to steal data, or money, from downstream users.
“North Korea is really stepping up their game in my opinion,” said Hegel, who works for US firm SentinelOne.
In a blog post published Thursday, Hegel said digital indicators published by JumpCloud had previously been linked to North Korean activity.
US cybersecurity agency CISA and the FBI declined to comment.
The hack at JumpCloud – whose products are used to help network administrators manage devices and servers – first came to public notice earlier this month when the firm emailed customers to say that their credentials would be changed “out of an abundance of caution relating to an ongoing incident”.
Admitting in a blog post that the incident was a hack, JumpCloud traced the intrusion to June 27. Cybersecurity-focused podcast Risky Business cited two sources earlier this week as saying that North Korea was a suspect in the intrusion.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is believed to be responsible for some of the isolated country’s most daring and disruptive cyber intrusions.
Surprising Amounts Lost Due to Cryptocurrency Theft
Blockchain analytics firm Chainalysis said last year that groups linked to North Korea stole an estimated $1.7 billion (roughly Rs. 13,900 crores) in digital cash through multiple hacks.
CrowdStrike’s Meyers said that Pyongyang’s hacking squads should not be underestimated.
“I don’t think this will be the last North Korean supply chain attack this year,” he said.