U.S. IT Firms Targeted by North Korean Hackers to Steal Cryptocurrency

A major U.S. tech company was recently hacked by a North Korean cybercriminal gang that attempted to target its cryptocurrency customers. JumpCloud, an IT management company based in Louisville, Colorado, reported on its company blog that hackers from North Korea breached its systems in late June.

North Korean hackers broke into JumpCloud

While JumpCloud was initially unable to confirm the details of the attack, it has now shared more details publicly. Through an investigation with CrowdStrike, an American cybersecurity technology company, JumpCloud determined that the hackers came from North Korea and were supported by the North Korean government.

JumpCloud serves more than 200,000 companies and organizations that use its IT infrastructure identity, access, security and management capabilities.

But according to Reuters, two people familiar with the matter confirmed that the JumpCloud customers targeted by the hackers were only cryptocurrency companies. JumpCloud also confirmed that fewer than five of its customers and fewer than 10 devices in total were affected.

The Rise of State-Sponsored Cybercrime and Cryptocurrency Theft

It's unclear how much damage the hackers caused before the security breach was discovered, but JumpCloud said it took appropriate steps to neutralize the threat. As a result of this breach, JumpCloud also changed its API key.

While the attack was detected and thwarted before any significant damage was done, it demonstrates the widespread threat of nation-state bad actors, especially North Korea, targeting cryptocurrency companies. The attack on JumpCloud shows that these cybercriminals are stepping up their game and targeting companies that can provide them with wider access to more victims.

"I don't think this will be the last time we see a North Korean supply chain attack this year," said Adam Meyers, senior vice president of intelligence at CrowdStrike.

The hacking group known as Labyrinth Chollima is one of several groups said to be operating on behalf of North Korea. Another major hacking group based in North Korea is the Lazarus Group, known for its bold attacks on crypto companies and projects. These state-sponsored North Korean hackers have become very good at infiltrating foreign IT systems to steal cryptocurrencies and other digital assets.

According to Chainalysis, 2022 was the most significant year for these North Korean hackers, with an estimated $1.7 billion worth of cryptocurrency stolen through multiple hacks. Most of these hacks came from attacks on DeFi protocols. In one attack alone, hundreds of millions of dollars worth of cryptocurrency was stolen from Axie Infinity, a popular blockchain game. North Korea, however, has denied all allegations on the matter.
