North Korean hackers, suspected of looking to steal cryptocurrency, targeted the customers of an American IT management company.
The Pyongyang-backed hacking group penetrated servers at Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its crypto company clients in a bid to steal digital cash, the sources said.
The incident shows how North Korean cyber spies, once content with going after crypto companies one at a time, are now tackling companies that can give them access to multiple sources of bitcoin and other digital currencies.
JumpCloud, which acknowledged the hack in a blog post last week, blamed it on a “sophisticated nation-state sponsored threat actor”.
A JumpCloud spokesperson said fewer than five customers had been impacted, but it was not revealed whether any digital currency was ultimately stolen as a result of the hack.
Cybersecurity firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that “Labyrinth Chollima” – the name it gives to a particular squad of North Korean hackers – was behind the breach.
North Korea has previously denied organising digital currency heists, despite voluminous evidence – including UN reports – to the contrary.
Cybersecurity researcher Tom Hegel said the JumpCloud intrusion was the latest of several recent breaches that showed how the North Koreans have become adept at “supply chain attacks,” or elaborate hacks that work by compromising software or service providers in order to steal data, or money, from users downstream.
“North Korea in my opinion is really stepping up their game,” said Hegel, who works for US firm SentinelOne.
Hackers Have Struck Before, Says Expert
In a blog post, Hegel said the digital indicators published by JumpCloud tied the hackers to activity previously attributed to North Korea.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is said to be responsible for some of the isolated country’s most daring and disruptive cyber intrusions.
Its theft of cryptocurrency has led to the loss of eye-watering sums – blockchain analytics firm Chainalysis said last year that North Korean-linked groups stole an estimated $1.7 billion worth of digital cash across multiple hacks.
CrowdStrike’s Meyers said Pyongyang’s hacking squads should not be underestimated.
“I don’t think this is the last we’ll see of North Korean supply chain attacks this year,” he said.
- Reuters with additional editing by Sean O’Meara