A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.
The hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its cryptocurrency company clients in an effort to steal digital cash, the sources said.
The hack shows how North Korean cyber spies, once content with going after crypto companies one at a time, are now tackling companies that can give them access to multiple sources of bitcoin and other digital currencies.
JumpCloud, which acknowledged the hack in a blog post last week and blamed it on a “sophisticated nation-state sponsored threat actor,” did not answer Reuters’ questions about who specifically was behind the hack and which clients were affected. Reuters could not ascertain whether any digital currency was ultimately stolen as a result of the hack.
Cybersecurity firm CrowdStrike Holdings (CRWD.O), which is working with JumpCloud to investigate the breach, confirmed that "Labyrinth Chollima" - the name it gives to a particular squad of North Korean hackers - was behind the breach.
CrowdStrike Senior Vice President for Intelligence Adam Meyers declined to comment on what the hackers were seeking, but noted that they had a history of going after cryptocurrency targets.
Reuters