JumpCloud claims nation-state group breached systems.
Identity security company JumpCloud, with headquarters in the United States, claimed that a "sophisticated" nation-state group recently breached its systems to target a select number of customers.
After working with affected customers and reducing the attack vector, the vendor said in a blog post last week that it had decided to publish details of the security incident.
Bob Phan, the Chief Information Security Officer (CISO) of JumpCloud, reported on June 27 that on an internal orchestration system, we discovered unusual activity that we connected to a sophisticated spear-phishing campaign that the threat actor carried out on June 22.
He said Unauthorised entry was made to a particular section of our infrastructure as part of that activity. At the time, there was no evidence of a customer impact.
“We rebuilt infrastructure, rotated credentials, and took a number of other precautions to strengthen the security of our network and perimeter. We also activated our prepared incident response plan and examined all systems and logs for potential activity while collaborating with our incident response (IR) partner. We also contacted and involved law enforcement in our investigation at this time as part of our IR plan,” Phan said.
In order to help other organisations recognise similar attacks, JumpCloud published a list of indicators of compromise (IOCs) and alerted law enforcement to the attack.
“These are sophisticated and persistent adversaries with advanced capabilities. Our strongest line of defense is through information sharing and collaboration. That’s why it was important to us to share the details of this incident and help our partners to secure their own environments against this threat. We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information related to this threat,” Phan disclosed.
Over 180,000 organisations use JumpCloud for single sign-on, multi-factor authentication, and cloud and device security.
Have you got a news tip for our journalists? Share it with us anonymously here.
Send press releases to newsdesk@redwires.au. Other ways to contact us. Editorially, we may rewrite headlines and descriptions.
Recommend Redwires AU: Accessible News For Young Cybersecurity Aussies
Redwires AU provides Young Australians with easily accessible, curated cybersecurity news.
Before you go..
You can get RedWires AU for free right now. Your donation, no matter how big or small, will help us keep doing honest journalism.
The readers of Redwires AU are the engine that drives our publication. Add your support to the effort to create a sustainable future for journalism that does not make compromises in the AU.
In the world we live in now, accurate and thorough reporting and analysis are becoming more and more critical. To stop the spread of false information, it's essential that everyone in Australia has access to good reporting.
The Redwires AU contributes to society by opening up access to information and resources for all people, rather than just a select few.
Our only goal is to educate the general public more thoroughly. If you believe in what we're trying to accomplish here, please consider making a contribution right away to ensure our success in the years to come.
Upgrade your subscription to get the most out of it. Join the growing number of people around the world who believe in the power of independent media.