North Korean Hackers Target US IT Firm, Steal Crypto Cash

A North Korean government-backed hacking group infiltrated an American IT management company, JumpCloud, in late June and subsequently targeted its cryptocurrency clients to steal digital cash.

This highlights North Korean cyber spies' shift towards attacking multiple cryptocurrency companies simultaneously to acquire bitcoin and other digital currencies.

JumpCloud confirmed the hack but did not reveal the hackers' identity or the affected clients. Cybersecurity firm CrowdStrike Holdings confirmed that North Korean hackers, known as "Labyrinth Chollima," were responsible for the breach. The hackers have a history of targeting cryptocurrency companies to generate revenue for the regime.

Although fewer than five customers were impacted, the extent of the stolen digital currency remains unclear. Pyongyang's mission to the United Nations did not respond to comments, while North Korea previously denied organising digital currency heists, despite evidence suggesting otherwise.

Independent research supported CrowdStrike's allegation, with cybersecurity researcher Tom Hegel highlighting how North Korea has become adept at supply chain attacks, compromising software or service providers to steal data or money from users downstream.

JumpCloud's blog post revealed that the intrusion occurred on June 27, with digital indicators linking the hackers to North Korean activity. The U.S. cyber watchdog agency CISA and the FBI did not provide comments.

Labyrinth Chollima, one of North Korea’s most prolific hacking groups, has been responsible for daring and disruptive cyber intrusions, resulting in significant cryptocurrency losses. CrowdStrike's Adam Meyers warned of the possibility of more North Korean supply chain attacks in the future.

Source: REUTERS