North Korean hackers linked to U.S. IT firm breach
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Natalie Peeples/Axios
Cloud IT provider JumpCloud confirmed Thursday that North Korean state-backed hackers broke into its systems last month.
Driving the news: Security researchers and a Reuters report warned ahead of JumpCloud's confirmation that North Korea was behind the attack, which started in late June.
- JumpCloud said in a statement that fewer than five customers were impacted across fewer than 10 devices. The company serves more than 200,000 organizations.
- Tom Hegel, a researcher at SentinelOne, and CrowdStrike, which has been working with JumpCloud, both concluded that a North Korean hacking group was likely behind the intrusion.
- Reuters also reported — and incident responders at Mandiant concurred in an emailed statement — that the North Korean hackers likely targeted JumpCloud as a way of reaching its cryptocurrency customers.
Why it matters: The incident marks a departure from North Korea's direct attacks on crypto firms toward stealthier, more-advanced supply chain attacks.
- Earlier this year, North Korean hackers also targeted video conferencing tool 3CX in a double supply chain attack to get to a handful of cryptocurrency firms.
The big picture: It's pretty common for North Korea to target cryptocurrency firms in an attempt to fund its regime.
- However, previous attacks typically targeted cryptocurrency firms directly.
Yes, but: So far, North Korea's supply chain attacks have failed to reach the same scale and impact as other, more notable attacks, like the Russian cyber-espionage campaign that targeted IT firm SolarWinds and affected roughly 100 companies.
- Even the 3CX attack is believed to have affected only a handful of crypto firms.
Sign up for Axios’ cybersecurity newsletter Codebook here
