North Korean hackers linked to U.S. IT firm breach

Cloud IT provider JumpCloud confirmed Thursday that North Korean state-backed hackers broke into its systems last month.

Driving the news: Security researchers and a Reuters report warned ahead of JumpCloud's confirmation that North Korea was behind the attack, which started in late June.

• JumpCloud said in a statement that fewer than five customers were impacted across fewer than 10 devices. The company serves more than 200,000 organizations.
• Tom Hegel, a researcher at SentinelOne, and CrowdStrike, which has been working with JumpCloud, both concluded that a North Korean hacking group was likely behind the intrusion.
• Reuters also reported — and incident responders at Mandiant concurred in an emailed statement — that the North Korean hackers likely targeted JumpCloud as a way of reaching its cryptocurrency customers.

Why it matters: The incident marks a departure from North Korea's direct attacks on crypto firms toward stealthier, more-advanced supply chain attacks.

• Earlier this year, North Korean hackers also targeted video conferencing tool 3CX in a double supply chain attack to get to a handful of cryptocurrency firms.

The big picture: It's pretty common for North Korea to target cryptocurrency firms in an attempt to fund its regime.

• However, previous attacks typically targeted cryptocurrency firms directly.

Yes, but: So far, North Korea's supply chain attacks have failed to reach the same scale and impact as other, more notable attacks, like the Russian cyber-espionage campaign that targeted IT firm SolarWinds and affected roughly 100 companies.

• Even the 3CX attack is believed to have affected only a handful of crypto firms.

Sign up for Axios’ cybersecurity newsletter Codebook here