SecurityWeek

Data Breaches

JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers

JumpCloud says a sophisticated nation-state threat actor breached its systems, targeting specific customers.

Directory, identity, and access management solutions provider JumpCloud has disclosed customer impact following a nation-state cyberattack.

After resetting customer API keys on July 5, the company revealed last week that the security measure was part of its response to a cyberattack perpetrated by a “sophisticated nation-state sponsored threat actor”. Neither the threat actor nor the country allegedly sponsoring it has been named.

The attack started on June 22 with a spear-phishing campaign that led to unauthorized access to a specific area of JumpCloud’s infrastructure.

After discovering anomalous activity on an internal orchestration system on June 27, the company reset credentials and took additional security measures.

On July 5, after discovering unusual activity “in the commands framework for a small set of customers”, the company reset all admin API keys and started notifying the impacted customers.

“At this point in time, we had evidence of customer impact and began working closely with the impacted customers to help them with additional security measures,” JumpCloud said.

The company’s investigation into the incident uncovered that the threat actor injected data into the company’s commands framework. According to JumpCloud, the attack vector has been mitigated.

“The analysis also confirmed suspicions that the attack was extremely targeted and limited to specific customers,” JumpCloud said, without providing information on the exact number of impacted customers.

JumpCloud notified law enforcement of the attack and published a list of indicators of compromise (IOCs) to help other organizations identify similar attacks.

“These are sophisticated and persistent adversaries with advanced capabilities. Our strongest line of defense is through information sharing and collaboration. That’s why it was important to us to share the details of this incident and help our partners to secure their own environments against this threat,” the company said.

SecurityWeek has emailed JumpCloud for additional information on the attack and will update this article if a reply arrives.

JumpCloud provides single sign-on, multi-factor authentication, and other cloud and device security solutions to more than 180,000 organizations.

Related: Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack

Related: Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor

Related: Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
