SecurityWeek

JumpCloud Says Sophisticated Nation-State Hackers Targeted Specific Customers

JumpCloud says a sophisticated nation-state threat actor breached its systems, targeting specific customers.

Directory, identity, and access management solutions provider JumpCloud has disclosed customer impact following a nation-state cyberattack.

After resetting customer API keys on July 5, the company revealed last week that the security measure was triggered as part of its response to a cyberattack perpetrated by a “sophisticated nation-state sponsored threat actor”. Neither the threat actor nor the country allegedly sponsoring it has been named.

The attack started on June 22 with a spear-phishing campaign that led to unauthorized access to a specific area of JumpCloud’s infrastructure.

After discovering anomalous activity on an internal orchestration system on June 27, the company reset credentials and took additional security measures.

On July 5, after discovering unusual activity “in the commands framework for a small set of customers”, the company reset all admin API keys and started notifying the impacted customers.

“At this point in time, we had evidence of customer impact and began working closely with the impacted customers to help them with additional security measures,” JumpCloud said.

The company’s investigation into the incident uncovered that the threat actor injected data into the company’s commands framework. According to JumpCloud, the attack vector has been mitigated.

“The analysis also confirmed suspicions that the attack was extremely targeted and limited to specific customers,” JumpCloud said, without providing information on the exact number of impacted customers.

“These are sophisticated and persistent adversaries with advanced capabilities,” the company also noted.

JumpCloud notified law enforcement of the attack and published a list of indicators of compromise (IOCs) to help other organizations identify similar attacks.

“These are sophisticated and persistent adversaries with advanced capabilities. Our strongest line of defense is through information sharing and collaboration. That’s why it was important to us to share the details of this incident and help our partners to secure their own environments against this threat,” the company said.

SecurityWeek has emailed JumpCloud for additional information on the attack and will update this article if a reply arrives.

JumpCloud provides single sign-on, multi-factor authentication, and other cloud and device security solutions to more than 180,000 organizations.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
