
US-based enterprise software company JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.
The company discovered the incident on June 27, one week after the attackers breached its systems via a spear-phishing attack.
While JumpCloud did not find evidence that its customers were impacted at the time, the company decided to rotate credentials and rebuild compromised infrastructure.
On July 5, JumpCloud found “uncommon exercise within the instructions framework for a small set of shoppers” while investigating the attack and analyzing logs for signs of malicious activity in collaboration with IR partners and law enforcement.
The same day, the company force-rotated all admin API keys to protect customers’ organizations and notified them to generate new keys.
“Continued evaluation uncovered the assault vector: information injection into our instructions framework. The evaluation additionally confirmed suspicions that the assault was extraordinarily focused and restricted to particular prospects,” JumpCloud CISO Bob Phan stated.
“These are subtle and protracted adversaries with superior capabilities. Our strongest line of protection is thru info sharing and collaboration.”
In addition to the incident details shared in the advisory, JumpCloud also released indicators of compromise (IOCs) to allow partners to secure their networks against similar attacks from the same threat group.
JumpCloud has yet to provide any information on the number of customers impacted by the attack and hasn’t linked the APT group behind the breach to a specific state.
“We are going to proceed to boost our personal safety measures to guard our prospects from future threats and can work intently with our authorities and business companions to share info associated to this risk,” Phan stated.
In January, JumpCloud also investigated the potential impact of a CircleCI security incident on its customers.
Founded in 2013 and headquartered in Louisville, Colorado, the JumpCloud directory-as-a-service platform provides single sign-on and multi-factor authentication services to over 180,000 organizations in more than 160 countries.
