Hackers are increasingly employing “supply chain attacks” that give them access to multiple targets.
In these hacks, cybercriminals compromise software or service providers to steal data or money from users downstream, Tom Hegel, senior threat researcher at computer network and security firm SentinelOne, told Reuters in a report published Thursday (July 20).
In one recent example, North Korean state-sponsored hackers targeted an American IT management company, according to the report.
In that incident, the hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its cryptocurrency company clients, the report said.
JumpCloud said in a July 12 blog post that it had discovered activity by a nation-state sponsored threat group that gained unauthorized access to its systems to target some of its customers.
“The security threats that we face, as an industry, are unprecedented and require strong collaboration from all constituents,” the company said in the post.
Cybersecurity firm CrowdStrike confirmed that Labyrinth Chollima — the name it gives to a particular squad of North Korean hackers — was behind the breach, according to the Reuters report.
Adam Meyers, senior vice president for intelligence at CrowdStrike, said of the North Korean hacker groups, “one of their primary objectives has been generating revenue for the regime,” per the report.
North Korean hackers have typically gone after individual cryptocurrency targets, but in the JumpCloud hack they attempted to go after a provider that could give them access to multiple sources of bitcoin and other digital currencies, the report said.
Independent researchers agree with CrowdStrike’s assessment, per the report. Hegel said, “North Korea in my opinion is really stepping up their game.”
Blockchain analytics firm Chainalysis said last year that North Korean-linked groups had already stolen an estimated $1.7 billion worth of digital cash across multiple attacks, according to the report.
Industry news site Cybersecurity Dive reported in March 2022 that cyber insurance issuers were under pressure to raise premiums and tighten underwriting criteria due to these attacks.
“Insurers have had to respond to a wave of ransomware and supply chain attacks against private industry and critical infrastructure providers in the U.S. and other countries,” that report said.