Hackers Supported By North Korean Government Attack US IT Company To Steal Crypto

North Korean hackers broke into IT companies for crypto vuri. (photo: dock pexels)

JAKARTA - A hacker group backed by the North Korean government broke into an American IT management company and used it as a base to target crypto companies, according to two sources familiar with the matter.

"The hackers hacked the JumpCloud company based in Louisville, Colorado, at the end of June and used their access to the company's system to target its clients engaged in cryptocurrency in an attempt to steal digital money," the two sources told Reuters.

The hack shows how North Korea's cyber spy, which previously only targeted crypto companies one by one, is now starting to attack companies that can give them access to many bitcoin sources and other digital currencies.

JumpCloud, who acknowledged the hack in a blog post last week and blamed it on "the state-sponsored threat with a high level of difficulty," did not respond to a question from Reuters about who was behind the hack and which client was affected.

A JumpCloud spokesperson said less than five customers were affected. According to a Reuters report, they could not confirm whether digital currencies were eventually stolen as a result of the hack.

Cybersecurity firm CrowdStrike Holdings, which works with JumpCloud to investigate the hack, confirmed that "Labyrinth Chollima" - the name given to a particular North Korean hacker group - was behind the hack.

Senior Vice President of CrowdStrike for Intelligence, Adam Meyers, declined to comment on what hackers were looking for, but noted that they had a history of targeting crypto companies.

"One of their main goals is to generate revenue for the regime," he said.

North Korea's representatives to the United Nations (UN) in New York did not immediately respond to requests for comment. North Korea has previously denied organizing digital currency hacks, despite abundant evidence - including UN reports - which said otherwise. The independent research scene supports CrowdStrice's accusations.

Cybersecurity researcher Tom Hegel, who was not involved in the investigation, told Reuters that the JumpCloud hack was one of the latest hacks showing how North Korea has become skilled in "supply chain attacks," or complicated hacks that work by hacking software or service providers to steal data - or money - from users below.

"In my opinion, North Korea really stepped up its game," said Hegel, who works for US company SentinelOne.

In a blog post to be published on Thursday, July 20, Hegel said the digital indicator published by JumpCloud connects hackers with activities previously attributed to North Korea.

Meanwhile, the US cyber surveillance agency, CISA and the FBI declined to comment.

Hacking at JumpCloud - whose products are used to help network administrators manage devices and servers - first emerged to the public earlier this month when the company sent an email to customers to inform them that their credentials would be changed "as a precautionary measure regarding the ongoing incident."

In a blog post acknowledging that the incident was hacking, JumpCloud tracked the intrusion back to 27 June. The podcast, which focuses on cybersecurity, Risky Business, this week, quoted two sources as saying North Korea was a suspect in the hack.

Total Chollima is one of North Korea's most productive hacking groups and is said to be responsible for some of the boldest and annoying online cyber hacks.

The theft of cryptocurrencies by North Korea-linked groups caused enormous losses: Blockchain analytics firm Chainalysis said last year that North Korean-linked groups stole an estimated USD 1.7 billion (IDR 25.5 trillion) in digital currency through several hacks.

Meyers of CrowdStrike said Pyongyang's hacking forces should not be underestimated. "I don't think this is the last time we're going to see a supply chain attack from North Korea this year," he said.