Crypto theft: North Korea hackers breach US IT company to target cryptocurrency firms

A group of North Korean government-backed hackers broke into a US IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.

Hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company's systems to target their cryptocurrency company customers in an effort to steal digital money, the sources said.

The hack shows how North Korean cyberspies, once content to go after crypto companies one at a time, are now attacking companies that can give them access to multiple sources of bitcoin and other digital currencies.

JumpCloud, which acknowledged the attack in a blog post last week and blamed a "sophisticated nation-state sponsored threat actor," did not respond to questions from Reuters about who specifically was behind the attack and which customers were affected. Reuters was unable to determine if any digital currency was ultimately stolen as a result of the attack.

The cybersecurity firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that "Labyrinth Chollima", the name it gives to a particular squad of North Korean hackers, was behind the breach.

CrowdStrike's senior vice president of intelligence, Adam Meyers, declined to comment on what the hackers were looking for, but noted that they had a history of targeting cryptocurrency targets.

"One of their main goals has been to generate revenue for the regime," he said. Pyongyang's mission to the United Nations in New York did not immediately respond to a request for comment. North Korea has previously denied staging digital currency heists, despite voluminous evidence, including UN reports, to the contrary.

An independent investigation backed up CrowdStrike's claim.

Cybersecurity researcher Tom Hegel, who was not involved in the investigation, told Reuters the JumpCloud intrusion was the latest in several recent breaches that showed how the North Koreans have become adept at "supply chain attacks," or elaborate hacks that work by compromising software or service providers to steal data, or money, from downstream users.

"North Korea, in my opinion, is really stepping up its game," said Hegel, who works for US firm SentinelOne.

In a blog post to be published on Thursday, Hegel said digital indicators released by JumpCloud linked the hackers to activities previously attributed to North Korea.

The US cyber surveillance agency CISA and the FBI declined to comment.

The attack on JumpCloud, whose products are used to help network administrators manage devices and servers, first came to light earlier this month when the company emailed customers telling them they were changing their credentials "out of an abundance of caution in connection with an ongoing incident."

In the blog post acknowledging that the incident was a hack, JumpCloud traced the intrusion back to June 27. The Risky Business cybersecurity podcast earlier this week quoted two sources as saying North Korea was suspected of the intrusion.

Labyrinth Chollima is one of North Korea's most prolific hacking groups and is said to be responsible for some of the isolated country's most daring and disruptive cyber intrusions. Its theft of cryptocurrency has led to the loss of staggering sums: Blockchain analytics firm Chainalysis said last year that North Korea-linked groups stole an estimated $1.7 billion worth of digital cash through multiple hacks.

CrowdStrike's Meyers said Pyongyang's hacker squads should not be underestimated.

"I don't think this is the last attack on the North Korean supply chain that we will see this year," he said.
