JumpCloud, a provider of identity and access management services, was recently targeted by a hacking group sponsored by an unnamed nation-state. The attack, which occurred last month, used targeted spear-phishing to gain access to JumpCloud's systems and steal data belonging to certain customers.[1]
JumpCloud has stated that it has eliminated the threat and has already closed the attack vector the hackers used. However, the company has not disclosed whether customer accounts were compromised or how much data was exposed.[1]
Following the discovery of the incident, JumpCloud immediately activated its incident response plan to contain the threat, protect its network, and notify affected customers. It also brought in law enforcement agencies to assist with the investigation.[1]
On June 27, JumpCloud detected anomalous activity in an internal orchestration system. This was traced back to a targeted spear-phishing attack that had taken place on June 22. Although there was no evidence of customer impact at that stage, JumpCloud took proactive steps to harden its network by rotating credentials and reconfiguring its infrastructure.[1]
However, on July 5, the company observed signs of data compromise affecting its customers. An internal investigation uncovered malicious activity inside the internal network, which led JumpCloud to revoke all admin API keys. As a result, customers had to update their third-party integrations with newly issued keys.[1]
The two-week gap between the initial breach and the confirmed customer impact indicates that the attackers retained access to JumpCloud's systems for an extended period.[1]
“These are complex and persistent opponents with advanced capabilities,” said Bob Phan, Chief Information Security Officer at JumpCloud. “Further analysis revealed that the main attack vector involved the injection of data into our command platform. The