Crypto theft: North Korea hackers breach US IT company to target cryptocurrency firms

A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.

The hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its cryptocurrency company clients in an effort to steal digital cash, the sources said.

The hack shows how North Korean cyber spies, once content with going after crypto companies one at a time, are now tackling companies that can give them access to multiple sources of bitcoin and other digital currencies.

JumpCloud, which acknowledged the hack in a blog post last week and blamed it on a “sophisticated nation-state sponsored threat actor,” did not answer Reuters’ questions about who specifically was behind the hack and which clients were affected. Reuters could not ascertain whether any digital currency was ultimately stolen as a result of the hack.

Cybersecurity firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that “Labyrinth Chollima” – the name it gives to a particular squad of North Korean hackers – was behind the breach.

CrowdStrike Senior Vice President for Intelligence Adam Meyers declined to comment on what the hackers were seeking, but noted that they had a history of targeting cryptocurrency targets.

Discover the stories of your interest


“One of their primary objectives has been generating revenue for the regime,” he said. Pyongyang’s mission to the United Nations in New York did not immediately respond to a request for comment. North Korea has previously denied organizing digital currency heists, despite voluminous evidence – including U.N. reports – to the contrary.

Independent research backed CrowdStrike’s allegation.

Cybersecurity researcher Tom Hegel, who wasn’t involved in the investigation, told Reuters that the JumpCloud intrusion was the latest of several recent breaches that showed how the North Koreans have become adept at “supply chain attacks,” or elaborate hacks that work by compromising software or service providers in order to steal data – or money – from users downstream.

“North Korea in my opinion is really stepping up their game,” said Hegel, who works for U.S. firm SentinelOne.

In a blog post to be published Thursday, Hegel said the digital indicators published by JumpCloud tied the hackers to activity previously attributed to North Korea.

The U.S. cyber watchdog agency CISA and the FBI declined to comment.

The hack on JumpCloud – whose products are used to help network administrators manage devices and servers – first surfaced publicly earlier this month when the firm emailed customers to say their credentials would be changed “out of an abundance of caution relating to an ongoing incident.”

In the blog post that acknowledged that the incident was a hack, JumpCloud traced the intrusion back to June 27. The cybersecurity-focused podcast Risky Business earlier this week cited two sources as saying that North Korea was a suspect in the intrusion.

Labyrinth Chollima is one of North Korea’s most prolific hacking groups and is said to be responsible for some of the isolated country’s most daring and disruptive cyber intrusions. Its theft of cryptocurrency has led to the loss of eye-watering sums: Blockchain analytics firm Chainalysis said last year that North Korean-linked groups stole an estimated $1.7 billion worth of digital cash across multiple hacks.

CrowdStrike’s Meyers said Pyongyang’s hacking squads should not be underestimated.

“I don’t think this is the last we’ll see of North Korean supply chain attacks this year,” he said.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.