A major U.S. tech company was recently hacked by a North Korean cybercrime gang that sought to target its cryptocurrency customers. Louisville, Colorado-based IT management company JumpCloud reported in its company blog that hackers from North Korea had penetrated its systems in late June.
North Korean hackers break into JumpCloud
JumpCloud was initially unable to confirm details of the attack but has now shared more publicly. Through an investigation with U.S. cybersecurity technology company CrowdStrike, JumpCloud determined that the hackers were from North Korea and were supported by the North Korean government.
JumpCloud serves more than 200,000 companies and organizations that use its IT infrastructure identity, access, security, and management capabilities.
But according to Reuters, two people familiar with the matter confirmed that the hackers targeted only cryptocurrency companies. JumpCloud also confirmed that fewer than five of its customers were affected, with fewer than 10 devices affected in total.
The rise of state-sponsored cybercrime and cryptocurrency theft
It's unclear how much damage the hackers caused before the security breach was discovered, but JumpCloud said it took appropriate steps to eliminate the threat. JumpCloud also changed its API key as a result of the breach.
While the attack was detected and thwarted before any significant damage was done, it demonstrates the widespread threat of nation-state bad actors, particularly North Korea, targeting cryptocurrency companies. The attack on JumpCloud shows that these cybercriminals are stepping up their game and targeting companies that can provide them with broader access to more victims.
“I don’t think this will be the last North Korean supply chain attack we see this year,” said Adam Meyers, senior vice president of intelligence at CrowdStrike.
The hacker group known as Labyrinth Chollima is one of several groups allegedly operating on behalf of North Korea. Another major hacker group based in North Korea is the Lazarus Group, which is known for its bold attacks on crypto companies and projects. These state-sponsored North Korean hackers have become very adept at infiltrating foreign IT systems to steal cryptocurrencies and other digital assets.
According to Chainalysis, 2022 was a major year for these North Korean hackers, who stole an estimated $1.7 billion worth of cryptocurrency through multiple hacks. Most of these hacks came from the compromise of DeFi protocols. In one attack alone, hundreds of millions of dollars worth of cryptocurrency were stolen from Axie Infinity, a popular blockchain game. However, North Korea has denied all allegations regarding the matter.