US-based enterprise software firm JumpCloud revealed a sophisticated nation-state threat actor is behind a security breach that hacked into the company’s systems to target a small and specific set of customers.
According to Bob Phan, chief information security officer at JumpCloud, the attack started on June 22 with a spear-phishing campaign, through which the intruders gained access to “a specific area of our infrastructure.” After detecting unusual activity on an internal orchestration system on June 27, JumpCloud reset credentials, rebuilt infrastructure and took a number of additional security measures.
A few days later, the company reset all admin API keys after discovering unusual activity in the commands framework for a small set of customers.
“Continued analysis uncovered the attack vector: data injection into our commands framework. The analysis also confirmed suspicions that the attack was extremely targeted and limited to specific customers,” Phan said, adding that the attack vector was mitigated.
While the company did not specify what country or the hacker group was responsible for the breach, it shared a list of Indicators of Compromise (IoCs) to help organizations detect similar intrusions.
