North Korean government-backed hackers breached an American IT management firm and used it to target cryptocurrency companies, stealing digital currency from more than one victim, cybersecurity experts said Thursday.
The state-sponsored hackers broke into Louisville, Colorado-based JumpCloud in late June. They used their access to strike "fewer than 5" of its clients, the company said.
Experts at CrowdStrike Holdings and Mandiant said the North Korean group behind the attack is known for cryptocurrency theft. Two people confirmed the targeted JumpCloud clients were cryptocurrency firms.
The supply-chain hack shows North Korea's increasingly sophisticated tactics, security analysts said. Pyongyang has long denied conducting digital coin heists despite evidence to the contrary.
The stolen sum was not disclosed. But North Korean hacking groups are blamed for the theft of an estimated $1.7 billion in cryptocurrency across multiple major hacks last year alone, according to researcher Chainalysis.
"I don't think this is the last we'll see of North Korean supply chain attacks this year," said Adam Meyers, senior vice president at CrowdStrike.