Hackers attacked the JumpCloud cloud platform and stole the data of its customers
How did spear phishing allow attackers to launch a targeted attack?
JumpCloud, which provides identity and access management services, disclosed last week that it had been the victim of an attack by hackers backed by an unknown state last month. The attackers used spear phishing to infiltrate JumpCloud systems and steal data from certain customers.
JumpCloud states that the threat has been eliminated and that the attack vector the attackers used to “target a small and specific group” of customers has been closed. Unfortunately, the company did not say whether customer credentials were stolen or how large the leak was.
“After the discovery of the incident, we immediately took action in accordance with our incident response plan to mitigate the threat, secure our network and perimeter. We contacted affected customers immediately and engaged law enforcement,” JumpCloud said in a statement. “Our team remains vigilant against new threats and we have confidence in our people and security measures.”
JumpCloud reportedly first detected anomalous activity in its internal control system on June 27. It linked this activity to a spear-phishing attack that took place a few days earlier, on June 22. Although there was no evidence of customer impact at the time, JumpCloud rotated credentials, reconfigured the infrastructure, and took additional steps to harden the security of its network.
However, on July 5, the company noticed signs of an impact on its customers’ data. It then conducted an internal investigation, found malicious activity on the internal network, and as a result reset the API keys of all administrators. This required customers to update all third-party integrations with new keys.
The gap between the intrusion and the confirmed impact on customers indicates that the attacker had access to JumpCloud systems for almost two weeks.
“These are complex and persistent adversaries with advanced capabilities,” said Bob Fan, JumpCloud’s chief information security officer. “Ongoing analysis has uncovered a major attack vector: data injection into our teams platform. The analysis also confirmed that the attack was extremely targeted and limited to specific clients,” Fan added.
JumpCloud has also shared known indicators of compromise to help affected customers self-identify malicious activity on their networks.