A North Korean government-backed hacking group has been accused of penetrating an American IT management company and using it as a platform to target its cryptocurrency clients.
According to two sources familiar with the matter, the hackers infiltrated Louisville, Colorado-based JumpCloud in late June and attempted to steal digital cash from its cryptocurrency company customers.
The incident demonstrates how North Korean cyber spies, who in the past have targeted cryptocurrency companies one by one, are now compromising the service providers those companies rely on in order to reach multiple sources of bitcoin and other digital currencies at once.
JumpCloud has confirmed that “Labyrinth Chollima”, the name CrowdStrike Holdings (CRWD.O) gives to a particular squad of North Korean hackers, was behind the breach. While the company said fewer than five customers had been impacted, it is unclear whether any digital currency was stolen as a result of the hack.
CrowdStrike Senior Vice President for Intelligence Adam Meyers noted that the hackers had a history of targeting cryptocurrency targets and said that “one of their primary objectives has been generating revenue for the regime.” Pyongyang’s mission to the United Nations in New York did not immediately respond to a request for comment.
Independent research has backed CrowdStrike’s allegation. Cybersecurity researcher Tom Hegel, who wasn’t involved in the investigation, said the JumpCloud intrusion was the latest of several recent breaches that showed how the North Koreans have become adept at “supply chain attacks”.
JumpCloud first revealed the incident earlier this month when it emailed customers to say their credentials would be changed “out of an abundance of caution relating to an ongoing incident.” In a blog post, the company traced the intrusion back to June 27.
CrowdStrike and the FBI have declined to comment. Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is said to be responsible for some of the isolated country’s most daring and disruptive cyber intrusions. Blockchain analytics firm Chainalysis said last year that North Korean-linked groups had stolen an estimated $1.7 billion worth of digital cash across multiple hacks.
Meyers warned that Pyongyang’s hacking squads should not be underestimated and said that “I don’t think this is the last we’ll see of North Korean supply chain attacks this year.”
Reporting by Christopher Bing and Raphael Satter in Washington, additional reporting by James Pearson in London and Michelle Nichols in New York, and editing by