NK hackers breached US IT company in bid to steal crypto
2024-09-22 05:20:53 [Industry News] Source: Anhui News
A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target cryptocurrency companies, according to two sources familiar with the matter.
The hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company's systems to target its cryptocurrency company clients in an effort to steal digital cash, the sources said.
The hack shows how North Korean cyber spies, once content with going after crypto companies one at a time, are now tackling companies that can give them access to multiple sources of bitcoin and other digital currencies. JumpCloud, which acknowledged the hack in a blog post last week and blamed it on a "sophisticated nation-state sponsored threat actor," did not respond to Reuters' questions about who was behind the hack and which clients were affected.
A JumpCloud spokesperson said fewer than five customers had been impacted. Reuters could not ascertain whether any digital currency was ultimately stolen as a result of the hack.
Cybersecurity firm CrowdStrike Holdings, which is working with JumpCloud to investigate the breach, confirmed that "Labyrinth Chollima" ― the name it gives to a particular squad of North Korean hackers ― was behind the breach.
CrowdStrike Senior Vice President for Intelligence Adam Meyers declined to comment on what the hackers were seeking, but noted that they had a history of targeting cryptocurrency.
JumpCloud logo and binary codes are seen in this illustration taken July 19. Reuters-Yonhap
"One of their primary objectives has been generating revenue for the regime," he said.
Pyongyang's mission to the United Nations in New York did not immediately respond to a request for comment. North Korea has previously denied organizing digital currency heists, despite voluminous evidence ― including U.N. reports ― to the contrary.
Independent research backed CrowdStrike's allegation.
Cybersecurity researcher Tom Hegel, who wasn't involved in the investigation, told Reuters that the JumpCloud intrusion was the latest of several recent breaches that showed how the North Koreans have become adept at "supply chain attacks," or elaborate hacks that work by compromising software or service providers in order to steal data ― or money ― from users downstream.
"North Korea in my opinion is really stepping up their game," said Hegel, who works for U.S. firm SentinelOne.
Representations of cryptocurrencies are seen in this illustration, August 10, 2022. Reuters-Yonhap
In a blog post to be published Thursday, Hegel said the digital indicators published by JumpCloud tied the hackers to activity previously attributed to North Korea.
The U.S. cyber watchdog agency CISA and the FBI declined to comment.
The hack on JumpCloud ― whose products are used to help network administrators manage devices and servers ― first surfaced publicly earlier this month when the firm emailed customers to say their credentials would be changed "out of an abundance of caution relating to an ongoing incident."
In the blog post that acknowledged that the incident was a hack, JumpCloud traced the intrusion back to June 27. The cybersecurity-focused podcast Risky Business earlier this week cited two sources as saying that North Korea was a suspect in the intrusion.
Labyrinth Chollima is one of North Korea's most prolific hacking groups and is said to be responsible for some of the isolated country's most daring and disruptive cyber intrusions. Its theft of cryptocurrency has led to the loss of eye-watering sums: Blockchain analytics firm Chainalysis said last year that North Korean-linked groups stole an estimated 2.17 trillion won ($1.7 billion) worth of digital cash across multiple hacks.
In a statement sent to Reuters following this article's publication, Mandiant, a U.S. cybersecurity company owned by Google, said that they were currently assisting a "downstream victim" of JumpCloud and had also determined the hackers responsible worked for North Korea's Reconnaissance General Bureau, the country's primary foreign intelligence agency.
CrowdStrike's Meyers said Pyongyang's hacking squads should not be underestimated.
"I don't think this is the last we'll see of North Korean supply chain attacks this year," he said. (Reuters)