North Korean hackers target US tech firm to steal crypto

A hacking group backed by the North Korean government breached an IT company in the US in a bid to target cryptocurrency companies, Reuters reported Thursday citing sources. 

JumpCloud, which provides identity and access management tools for enterprise devices, blamed the hacking on a “sophisticated nation-state sponsored threat actor" without naming who was behind it.

The hackers infiltrated JumpCloud last month to steal cryptocurrency by accessing the company's systems to target its clients, said the sources. 

The North Korean cyber spies are now attacking the companies through which they can access multiple sources of Bitcoin and other digital currencies.

According to a spokesperson of the IT company, the hack only impacted fewer than five customers. 

However, it was confirmed by Cybersecurity firm CrowdStrike Holdings that "Labyrinth Chollima" — which is a North Korean hacking group — was behind the attack. 

"One of their primary objectives has been generating revenue for the regime," said Adam Meyers, who is the senior vice president of CrowdStrike. 

Their allegation was also supported by independent research.

This was the latest intrusion by North Korean hackers, showing how they have become at “supply chain attacks" or elaborate hacks, cybersecurity researcher Tom Hegel told Reuters. 

“North Korea in my opinion is really stepping up their game,” said Hegel. 

Labyrinth Chollima is one of the most prolific hacking groups in North Korea and is said to have breached some of the most daring and disruptive cyber intrusions.

Chainalysis, which is a blockchain analytics firm, said last year that North Korean-linked groups stole about $1.7 billion worth of digital cash with several hacks.