Alex Omenye
North Korean state-sponsored hackers broke into the software company JumpCloud to target its Bitcoin users, security experts reported on Thursday.
This week, JumpCloud, a directory platform that enables businesses to authenticate, authorize, and manage users and devices, revealed that a nation-state actor was responsible for the system breach that compelled it to reset its clients’ API keys in June.
JumpCloud did not identify the country of origin of the hackers, but researchers at cybersecurity firms CrowdStrike and SentinelOne identified the hackers as Lazarus, a group known to target crypto entities like the Ronin Network and Harmony’s Horizon Bridge. Lazarus is supported by North Korea.
CrowdStrike has blamed the JumpCloud attack on “Labyrinth Chollima,” a subgroup of the notorious Lazarus hacking group that was also connected to the recent supply-chain hacks on enterprise phone manufacturer 3CX.
The cybersecurity firm has been watching the hackers since 2009 and refers to them as one of its “most prolific DPRK adversaries,” according to CrowdStrike Senior Vice President for Intelligence Adam Meyers, who told Reuters that the hackers have a history of attacking people involved in the cryptocurrency industry.
Crypto-stealing operations have long been used by North Korea to finance its nuclear weapons program.
Additionally, the US State Department is offering up to $10 million in incentives for information that will stop North Korean hackers.