A North Korean government-backed hacking group breached a US IT management company and used it as a springboard to target cryptocurrency companies, the company and cybersecurity experts said Thursday.
The company said in a blog post.
JumpCloud did not identify the affected customers, but cybersecurity firms CrowdStrike Holdings (CRWD.O) — which is helping JumpCloud — and Alphabet-owned Mandiant (GOOGL.O) — which is helping a JumpCloud customer — both said the hackers involved are known to focus on cryptocurrency theft.
Two people familiar with the matter confirmed that the JumpCloud customers targeted by the hacks were cryptocurrency companies.
The hack shows how North Korean cyber spies, who used to be content to hunt down cryptocurrency companies piecemeal, are now taking on companies that could give them broader access to their many eventual victims – a tactic known as a “supply chain attack”.
said Tom Hegel, who works for US cybersecurity firm SentinelOne (SN) and independently confirmed the attribution made by Mandiant and CrowdStrike.
Pyongyang’s mission to the United Nations in New York did not respond to a request for comment. North Korea has previously denied organizing cryptocurrency theft, despite massive evidence — including UN reports — to the contrary.
CrowdStrike has identified the hackers as “Labyrinth Chollima” – one of several groups allegedly working on behalf of North Korea. Mandiant said the hackers responsible worked for North Korea’s Reconnaissance General Bureau (RGB), the main foreign intelligence agency.
CISA and the FBI declined to comment.
The hack on JumpCloud — whose products are used to help network administrators manage devices and servers — first became public earlier this month when the company emailed customers to say their credentials would change “out of an abundance of caution regarding an ongoing incident.”
In an earlier version of the blog post acknowledging that the incident was a hack, JumpCloud traced the intrusion to June 27. A cybersecurity-focused podcast earlier this week cited two sources as saying North Korea was a suspect in the break-in.
Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is said to be responsible for some of the most daring and disruptive cyber hacks to come from the isolated country. Its crypto theft has led to the loss of staggering sums: blockchain analytics firm Chainalysis said last year that North Korea-linked groups stole an estimated $1.7 billion of digital cash via several hacks.
Pyongyang’s hacking teams should not be underestimated, said Adam Meyers, CrowdStrike’s senior vice president of intelligence.
“I don’t think this is the last thing we will see in North Korean supply chain attacks this year,” he said.
(Reporting by Christopher Bing and Raphael Satter in Washington; additional reporting by James Pearson in London and Michael Nichols in New York; editing by Anna Driver, Bernadette Baum, Connor Humphreys and Margarita Choi)