JumpCloud Confirms Breach by Nation-State Hackers, Addresses Customer Concerns
JumpCloud, a cloud directory, identity and device-management vendor, has confirmed that its internal systems were breached by a nation-state actor, following speculation from its customers. In response, the company has published indicators of compromise (IoCs), including malicious IP addresses and file hashes, and is encouraging organizations to load them into their endpoint detection and response (EDR) and other detection tooling to hunt for the same activity in their own environments.
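The practical step the article alludes to is taking a published IoC list and matching it against your own telemetry. The following is an added illustration, not JumpCloud's code and not its published IoCs: every IP address (TEST-NET ranges), hash and log line is constructed for the example. It normalizes a small `kind,value` feed (IPs or CIDR blocks, mixed-case hex digests), then checks outbound-connection log lines and file contents against it.

```python
"""Match a published IoC feed (IPs and file hashes) against local telemetry.

Added example; not JumpCloud's code or IoCs. All indicators, samples and log
lines below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed stand-ins for a flagged binary and a benign file.
MALICIOUS_SAMPLE = b"constructed sample payload, stands in for a flagged binary"
BENIGN_SAMPLE = b"constructed benign file"

# Constructed feed in the two shapes the article mentions: IPs and file hashes.
# Real feeds mix CIDR blocks, upper/lower-case hex and several hash algorithms,
# so the loader normalizes instead of comparing raw strings.
CONSTRUCTED_IOCS = f"""
# kind,value   (constructed feed; not JumpCloud's published indicators)
ip,198.51.100.23
ip,203.0.113.0/28
sha256,{hashlib.sha256(MALICIOUS_SAMPLE).hexdigest().upper()}
md5,{hashlib.md5(MALICIOUS_SAMPLE).hexdigest()}
"""

DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


@dataclass
class IocSet:
    networks: list = field(default_factory=list)   # ip_network objects
    hashes: dict = field(default_factory=dict)     # algorithm -> {lowercase hex}


def parse_iocs(text: str) -> IocSet:
    """Parse 'kind,value' lines; reject malformed digests instead of silently skipping."""
    iocs = IocSet()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        kind, value = kind.strip().lower(), value.strip()
        if kind == "ip":
            # strict=False accepts host bits set in a CIDR (e.g. 203.0.113.9/28).
            iocs.networks.append(ipaddress.ip_network(value, strict=False))
        elif kind in DIGEST_LENGTHS:
            digest = value.lower()
            if not re.fullmatch(r"[0-9a-f]+", digest) or len(digest) != DIGEST_LENGTHS[kind]:
                raise ValueError(f"malformed {kind} digest: {value!r}")
            iocs.hashes.setdefault(kind, set()).add(digest)
        else:
            raise ValueError(f"unknown IoC kind: {kind!r}")
    return iocs


def match_ip(iocs: IocSet, ip_text: str) -> bool:
    """True if the address falls inside any listed IP or CIDR block."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in iocs.networks)


def match_file(iocs: IocSet, data: bytes) -> list[str]:
    """Return the algorithms whose listed digests match this file's content."""
    hits = []
    for algo, digests in iocs.hashes.items():
        if hashlib.new(algo, data).hexdigest() in digests:
            hits.append(algo)
    return sorted(hits)


# Constructed outbound-connection log lines in a simple key=value shape.
CONSTRUCTED_LOGS = [
    "2023-07-05T03:35:00Z host=ws-17 dst=198.51.100.23 port=443 action=allow",
    "2023-07-05T03:36:12Z host=ws-17 dst=192.0.2.10 port=443 action=allow",
    "2023-07-05T03:40:51Z host=ws-22 dst=203.0.113.9 port=8443 action=allow",
]


def scan_logs(iocs: IocSet, lines: list[str]) -> list[str]:
    """Return the log lines whose destination address matches an IoC."""
    hits = []
    for line in lines:
        m = re.search(r"\bdst=([0-9a-fA-F.:]+)", line)
        if m and match_ip(iocs, m.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    feed = parse_iocs(CONSTRUCTED_IOCS)
    for hit in scan_logs(feed, CONSTRUCTED_LOGS):
        print("IP hit:", hit)
    print("file hit:", match_file(feed, MALICIOUS_SAMPLE))
```

Matching on content hashes rather than filenames is deliberate: a renamed binary still matches, and the loader's strict digest validation stops a truncated or mis-pasted hash from quietly never matching anything.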
Bob Phan, Chief Information Security Officer (CISO) at JumpCloud, emphasized the importance of information sharing and collaboration in combating cyber threats. He stated, “Our strongest line of defense is through information sharing and collaboration. That’s why it was important to us to share the details of this incident and help our partners secure their own environments against this threat. We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information related to this threat.”
The customer-facing part of the incident surfaced on July 5, when JumpCloud discovered that the attacker had injected data into its commands framework, the mechanism JumpCloud uses to push commands to managed devices, for a small set of customers. The activity was detected at 03:35 UTC, and by 23:11 UTC the same day JumpCloud had force-rotated all admin API keys as a precaution. Customers were told that their API keys had been invalidated, but were not given further details about the ongoing incident at that point.
The intrusion itself began earlier. Suspicious activity on an internal system was first detected on June 27 and was later traced back to a spear-phishing attack on June 22. At that stage JumpCloud found no evidence of customer impact. The company rotated credentials, engaged incident response partners, notified law enforcement and hardened its infrastructure. The activity affecting customers was identified only during the subsequent forensic investigation.
A JumpCloud spokesperson addressed the cyber security incident, stating, “JumpCloud recently experienced a cyber security incident that impacted a small and specific set of our customers. Upon detecting the incident, we immediately took action based on our incident response plan to mitigate the threat, secure our network and perimeter, communicate with our customers, and engage law enforcement. As always, our entire JumpCloud team remains vigilant about new and emerging threats, and we are confident in our robust security controls and people. We continue to work with our customers and are committed to sharing information about this incident with government agencies and industry professionals. We appreciate our ongoing partnerships with all our customers.”