The North Korean hackers have previously targeted cryptocurrency companies. Approximately $625 million worth of cryptocurrencies was taken from a South Korean exchange in 2021 by a group of hackers.
According to the sources, in late June, hackers broke into Louisville, Colorado-based JumpCloud and used their access to the company’s infrastructure to target its clients, which were bitcoin businesses.
The hack demonstrates how North Korean cyber spies, who were previously content to target individual cryptocurrency businesses, are now attacking businesses that can provide them with access to numerous sources of bitcoin and other digital currencies.
JumpCloud, which confirmed the attack in a blog post last week and attributed it to a “sophisticated nation-state-sponsored threat actor,” did not reply to Reuters’ inquiries regarding the identity of the hack’s perpetrators or the clients who were impacted.
Fewer than five clients, according to a JumpCloud spokeswoman, were affected. No digital currency was ultimately stolen as a result of the breach, according to Reuters.
Security company CrowdStrike Holdings (CRWD.O), which is assisting JumpCloud in its investigation of the intrusion, has established that “Labyrinth Chollima,” the name it gives to a specific group of North Korean hackers, was responsible.
While declining to comment on what the hackers were looking for, CrowdStrike Senior Vice President for Intelligence Adam Meyers pointed out that they have a history of attacking bitcoin targets.
One of their main goals, according to him, has been to bring in money for the dictatorship.
The UN delegation from Pyongyang in New York did not respond to a request for comment. Despite overwhelming evidence, including U.N. investigations.
Independent studies supported CrowdStrike’s claim.
According to Tom Hegel, a cybersecurity expert who wasn’t involved in the investigation, the JumpCloud intrusion was the latest of several recent breaches that demonstrated how the North Koreans have mastered “supply chain attacks,” or complex hacks that work by compromising software or service providers in order to steal data or money from users downstream.
In a blog post that will go live on Thursday, Hegel said that the digital clues provided by JumpCloud connected the hackers to activity that had previously been associated with North Korea.
The FBI and the American cyber watchdog CISA both declined to comment.
According to data from the blockchain analytics company Chainalysis, North Korean-affiliated entities stole an estimated $1.7 billion in digital currency last year.
The cyber teams in Pyongyang shouldn’t be underestimated, according to Meyers of CrowdStrike.
He warned that North Korea’s supply chain attacks this year wouldn’t be the last.