Jul 21, 2023 - Technology

North Korean hackers linked to U.S. IT firm breach

Illustration: Natalie Peeples/Axios

Cloud IT provider JumpCloud confirmed Thursday that North Korean state-backed hackers broke into its systems last month.

Driving the news: Security researchers and a Reuters report warned ahead of JumpCloud's confirmation that North Korea was behind the attack, which started in late June.

  • JumpCloud said in a statement that fewer than five customers were impacted across fewer than 10 devices. The company serves more than 200,000 organizations.
  • Tom Hegel, a researcher at SentinelOne, and CrowdStrike, which has been working with JumpCloud, both concluded that a North Korean hacking group was likely behind the intrusion.
  • Reuters also reported — and incident responders at Mandiant concurred in an emailed statement — that the North Korean hackers likely targeted JumpCloud as a way of reaching its cryptocurrency customers.

Why it matters: The incident marks a departure from North Korea's direct attacks on crypto firms toward stealthier, more-advanced supply chain attacks.

  • Earlier this year, North Korean hackers also targeted video conferencing tool 3CX in a double supply chain attack to get to a handful of cryptocurrency firms.

The big picture: It's pretty common for North Korea to target cryptocurrency firms in an attempt to fund its regime.

Yes, but: So far, North Korea's supply chain attacks have failed to reach the same scale and impact as other, more notable attacks, like the Russian cyber-espionage campaign that targeted IT firm SolarWinds and affected roughly 100 companies.
