A major American tech firm was recently hacked by a North Korean cybercriminal ring attempting to target its crypto-based customers. In its company blog, Jumpcloud, an IT management company based in Louisville, Colorado, reported that hackers from North Korea broke into its system in late June.
North Korean Hackers Break Into Jumpcloud
While Jumpcloud wasn’t initially able to confirm details on the attack, it has now come out to share additional details. Through its investigations with American cybersecurity technology company CrowdStrike, Jumpcloud was able to determine that the hackers were from North Korea and were supported by its government.
Jumpcloud is home to more than 200,000 companies and organizations that use its IT infrastructure identity, access, security, and management functions.
But according to Reuters, two people familiar with the matter confirmed that the JumpCloud clients targeted by the hackers were only cryptocurrency companies. Jumpcloud also confirmed that less than 5 JumpCloud customers were impacted, and less than 10 devices were affected in total.
Total market cap holding steady above $1.16 trillion | Source: Crypto Total Market Cap on Tradingview.com
The Rise Of State-Sponsored Cybercrime And Crypto Theft
It is unclear at the moment how much damage was done by the hackers before the security breach was noticed, but Jumpcloud says it has taken the appropriate steps to eliminate the threat. Jumpcloud has also changed its API keys as a result of the breach.
While the attack was detected and thwarted before any major damage was done, it shows the prevalent threat of nation-state bad actors, especially North Korea, targeting crypto companies. The attack on Jumpcloud demonstrates that these cybercriminals are stepping up their game and targeting companies that can provide them with broader access to more victims.
“I don’t think this is the last we’ll see of North Korean supply chain attacks this year,” said Adam Meyers, CrowdStrike’s Senior Vice President for Intelligence.
The hacker group known as Labyrinth Chollima, is one of several groups alleged to operate on North Korea’s behalf. Another major hacking syndicate based in North Korea is the Lazarus Group, known for its daring attacks on crypto companies and projects. And these state-sponsored North Korean hackers have become adept at infiltrating foreign IT systems to steal cryptocurrency and other digital assets.
According to Chainalysis, 2022 was the biggest year for these Korean hackers, stealing an estimated $1.7 billion worth of cryptocurrency across several hacks. Most of these hacks came from breaches of DeFi protocols. In one attack alone, hundreds of millions of dollars worth of cryptocurrency were carted away from Axie Infinity, a popular blockchain-based game. However, North Korea has denied all allegations on the matter.
Featured image from Global Hackers Team, chart from Tradingview.com