Do You Use JumpCloud? They Got Hacked!
JumpCloud, an enterprise software firm based in the United States, has revealed that its systems were breached by a state-backed hacking group nearly a month ago. The attack initially appeared to target a limited number of customers, but the company is not certain of this. JumpCloud became aware of the incident on June 27, a week after the attackers gained access through a spear-phishing attack.
Although there was no immediate evidence of customer impact, JumpCloud took proactive measures by rotating credentials and rebuilding compromised infrastructure. However, on July 5, during their investigation into the attack and analysis of logs in collaboration with incident response partners and law enforcement, JumpCloud discovered unusual activity in the commands framework affecting a small group of customers.
As a precautionary step, JumpCloud immediately force-rotated all admin API keys to protect customer organizations and promptly informed them to generate new keys. The company's Chief Information Security Officer (CISO), Bob Phan, acknowledged that the attack was highly targeted and confirmed suspicions that the adversaries possessed sophisticated capabilities.
Phan emphasized the importance of information sharing and collaboration as the primary defense against such threats. Alongside the incident details, JumpCloud released indicators of compromise (IOCs) to assist partners in securing their networks against future attacks from the same threat group.
JumpCloud has not disclosed the exact number of customers impacted by the breach and has refrained from attributing the APT group responsible to a specific state.
Phan stated that JumpCloud would continue enhancing its security measures to safeguard customers from future threats and would closely cooperate with government and industry partners to exchange information regarding this incident.
Earlier in January, JumpCloud also conducted an investigation into the potential impact of a security incident involving CircleCI on its customers.
Founded in 2013 and headquartered in Louisville, Colorado, JumpCloud offers a directory-as-a-service platform, providing single sign-on and multi-factor authentication services to more than 180,000 organizations across 160 countries.
We can implement the aforementioned blocks on your network to protect against potential fallout from this JumpCloud hack. Call or email us and we'll schedule a time to help you change your electronic locks.