Type to search

North Korea Hackers Targeted Crypto in US Tech Firm Attack

Cybersecurity experts said the government-backed “Labyrinth Chollima” hackers squad was responsible for the digital cash theft attempt

The US has seized 17 website domains allegedly used by North Korean IT workers.
Miniatures of people with computers are seen in front of North Korea flag in this illustration taken July 19, 2023. Photo: Reuters


North Korean hackers, suspected of looking to steal cryptocurrency, targeted the customers of an American IT management company.

The Pyongyang-backed hacking group penetrated servers at Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its crypto company clients in a bid to steal digital cash, the sources said.

The incident shows how North Korean cyber spies, once content with going after crypto companies one at a time, are now tackling companies that can give them access to multiple sources of bitcoin and other digital currencies.


Also on AF: Suspicion Deepens as China Quizzed Over Missing Minister Qin


JumpCloud, which acknowledged the hack in a blog post last week, blamed it on a “sophisticated nation-state sponsored threat actor”.

A JumpCloud spokesperson said fewer than five customers had been impacted but it was not revealed whether any digital currency was ultimately stolen as a result of the hack.

Cybersecurity firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that “Labyrinth Chollima” – the name it gives to a particular squad of North Korean hackers – was behind the breach.

North Korea has previously denied organising digital currency heists, despite voluminous evidence – including UN reports – to the contrary.

Cybersecurity researcher Tom Hegel said the JumpCloud intrusion was the latest of several recent breaches that showed how the North Koreans have become adept at “supply chain attacks,” or elaborate hacks that work by compromising software or service providers in order to steal data, or money, from users downstream.

“North Korea in my opinion is really stepping up their game,” said Hegel, who works for US firm SentinelOne.


Hackers Have Struck Before Says Expert

In a blog post, Hegel said the digital indicators published by JumpCloud tied the hackers to activity previously attributed to North Korea.

Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is said to be responsible for some of the isolated country’s most daring and disruptive cyber intrusions. 

Its theft of cryptocurrency has led to the loss of eye-watering sums – blockchain analytics firm Chainalysis said last year that North Korean-linked groups stole an estimated $1.7 billion worth of digital cash across multiple hacks.

CrowdStrike’s Meyers said Pyongyang’s hacking squads should not be underestimated.

“I don’t think this is the last we’ll see of North Korean supply chain attacks this year,” he said.


  • Reuters with additional editing by Sean O’Meara


Read more:

US Says China’s State Hackers Breached Government Emails

Chinese Hackers ‘Spying on Critical US Services, Guam’

North Korea Hackers Stole Crypto Worth $721 Million From Japan

Hackers Claim to Have Access to Data at Australia’s Medibank



Sean O'Meara

Sean O'Meara is an Editor at Asia Financial. He has been a newspaper man for more than 30 years, working at local, regional and national titles in the UK as a writer, sub-editor, page designer and print editor. A football, cricket and rugby fan, he has a particular interest in sports finance.


AF China Bond