
The Cyber Security News


JumpCloud Blames ‘Sophisticated Nation-State’ Actor for Security Breach

July 18, 2023

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor.

The adversary “gained unauthorized access to our systems to target a small and specific set of our customers,” Bob Phan, chief information security officer (CISO) at JumpCloud, said in a post-mortem report. “The attack vector used by the threat actor has been mitigated.”

The U.S. enterprise software company said it identified anomalous activity on June 27, 2023, on an internal orchestration system, which it traced back to a spear-phishing campaign mounted by the attacker on June 22.


While JumpCloud said it took security steps to protect its network by rotating credentials and rebuilding its systems, it was not until July 5 that it detected “abnormal activity” in the commands framework for a small set of customers, prompting a forced rotation of all admin API keys. The number of impacted customers was not disclosed.

Further analysis of the breach, per the company’s disclosure, unearthed the attack vector, which it described as a “data injection into the commands framework.” It also said the attacks were highly targeted.

JumpCloud, however, did not explain how the phishing attack it spotted in June is connected to the data injection. It is currently not clear if the phishing emails led to the deployment of malware that facilitated the attack.


Additional indicators of compromise (IoCs) associated with the attack show that the adversary leveraged domains named nomadpkg[.]com and nomadpkgs[.]com, a likely reference to the Go-based workload orchestrator used to deploy and manage containers.

“These are advanced and persistent adversaries with advanced capabilities,” Phan said. JumpCloud has yet to reveal the name and the origins of the group allegedly responsible for the incident.



Some parts of this article are sourced from:
thehackernews.com
