North Korea-backed hackers hacked JumpCloud

21.07.2023

Hackers backed by the North Korean state hacked into the systems of U.S. company JumpCloud to attack its cryptocurrency customers.

JumpCloud, which develops a directory platform for authenticating, authorizing and managing users and devices, said this week that a state-sponsored actor was behind the hack of its systems in June, forcing the company to reset customers’ API keys.

While JumpCloud did not name a specific country, researchers at CrowdStrike and SentinelOne today attributed the hack to a North Korean hacking group called Lazarus, known for attacking cryptocurrency organizations such as Harmony’s Ronin Network and Horizon Bridge. Incident response specialists at Mandiant have also attributed the hack to a North Korean group.

CrowdStrike links the JumpCloud attack to “Labyrinth Chollima,” a subgroup of the infamous Lazarus hacking group that has also been linked to recent supply chain attacks targeting enterprise phone maker 3CX. The hackers, whom the cybersecurity company has been tracking since 2009 and calls some of the DPRK’s “most active adversaries,” have a history of targeting individuals associated with the cryptocurrency sector. North Korea has long used cryptocurrency theft operations to fund its sanctioned nuclear weapons program.