JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications.
The company revealed it was hit by a nation-state cyberattack that targeted specific customers.
In response to the attack, JumpCloud has invalidated existing API keys to protect its customers’ operations.
“Out of an abundance of caution relating to an ongoing incident, JumpCloud has decided to invalidate all API Keys for JumpCloud Admins,” explained the company through the support page.
The attack was uncovered by the company on June 27, but threat actors breached its network a week before via a spear-phishing campaign.
The company launched an investigation into the incident with the help of law enforcement and cybersecurity experts.
“today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure,” reads the Security Update published by the software firm on July 12, 2023. “The attack vector used by the threat actor has been mitigated.”
The investigation confirmed that the attack was extremely targeted and aimed at specific customers.
The attackers were able to inject data into JumpCloud’s commands framework.
The company created and shared a list of IOCs (Indicators of Compromise) for this attack.
“These are sophisticated and persistent adversaries with advanced capabilities,” continues the Security Update.
JumpCloud did not attribute the attack to a specific threat actor.