North Korean hackers broke into US tech company to steal cryptocurrencies
A North Korean government-backed hacker group has allegedly breached an American IT management company, exploiting it as a launching pad to attack an undisclosed number of cryptocurrency firms.
A group of hackers backed by the North Korean government has reportedly infiltrated an American IT management company, using it as a stepping stone to target an unknown number of cryptocurrency companies, as reported by Reuters, citing two sources familiar with the matter.
The hackers breached JumpCloud, based in Louisville, Colorado, in late June and used their access to the company's systems to target JumpCloud's clients in the cryptocurrency business, aiming to steal digital money, according to the sources.
This hacking incident illustrates how North Korean cyber spies, once content with pursuing individual crypto companies, are now targeting entities that can provide access to various sources of bitcoin and other digital currencies.
JumpCloud, which acknowledged the hacking in a blog post last week and attributed it to a “sophisticated state-sponsored actor”, did not respond to Reuters' queries about the perpetrators behind the hacking and which clients were affected. Thus, Reuters was unable to verify whether any digital currency was stolen as a result of the breach.
Meanwhile, cybersecurity firm CrowdStrike Holdings (CRWD.O), collaborating with JumpCloud to investigate the breach, confirmed that Labyrinth Chollima – a name associated with a specific North Korean hacker group – was responsible for the breach. Independent research also supported CrowdStrike's claim.
Cybersecurity researcher Tom Hegel, who was not involved in the investigation, told Reuters that the JumpCloud intrusion was the latest in a series of breaches, highlighting how North Koreans have become adept at “supply chain attacks,” in which hackers compromise software or service providers to steal users' data or money.