An American IT management company was compromised by a cyber organization funded by the North Korean government, which then used it as a launching pad to attack Bitcoin companies.
The development was confirmed on Friday by Tom Hegel of U.S. cybersecurity firm SentinelOne, in a statement seen by the Kayefi team.
JumpCloud, based in Louisville, Colorado, stated in a blog post that the hackers targeted “fewer than 5” of its customers after breaking into the company’s systems in late June.
JumpCloud did not identify the customers affected. However, cybersecurity companies CrowdStrike Holdings, which is aiding JumpCloud, and Alphabet-owned Mandiant, which is assisting one of JumpCloud’s clients, both said the hackers involved were known to specialize in bitcoin theft.
“North Korea in my opinion is really stepping up their game,” said Hegel, who independently confirmed Mandiant and CrowdStrike’s attribution.
The hack demonstrates how North Korean cyberspies, who previously targeted digital currency companies one at a time, are now going after businesses whose compromise gives them access to several victims downstream – a strategy known as a “supply chain attack.” Breaking into a provider that its customers trust and that holds privileged access to their systems lets the attackers pivot from one intrusion into many.
CrowdStrike identified the hackers as “Labyrinth Chollima”, one of numerous groups believed to be working for North Korea. Mandiant said the hackers in question work for the Reconnaissance General Bureau (RGB), North Korea’s main foreign intelligence agency.