Identity and access management company JumpCloud said it reset customers’ API keys after nation-state hackers breached its systems.
JumpCloud, a directory platform that enables enterprises to authenticate, authorize, and manage users and devices, last week notified customers that it had reset their API keys “out of an abundance of caution” due to an ongoing, but unspecified, security incident.
In a post-mortem of the incident that it has now made public, JumpCloud said it determined that a nation-state actor had gained unauthorized access to its systems and was targeting a “small and specific” set of customers.
JumpCloud has not named the state-backed group but says the threat actor is “sophisticated… with advanced capabilities.”
In its findings, JumpCloud CISO Bob Phan said anomalous activity was first detected on June 27 and was traced back to a spearphishing campaign carried out by the threat actor on June 22. Two weeks later, on July 5, JumpCloud said it found unusual activity in its commands framework for a small group of customers, revealing that some customers had been affected. This is when the company reset all admin API keys and began notifying affected customers.
“The analysis also confirms suspicions that the attack was highly targeted and limited to certain customers,” Phan said. The exact number of customers affected, and the types of organizations targeted, are still unknown. The company hasn’t said how it determined that a nation-state actor was behind the intrusion, and hasn’t responded to a request for comment.
JumpCloud says on its website that it provides its software to more than 180,000 organizations and counts more than 5,000 paying customers. These customers include Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance and Foursquare.
Phan added that the attack vector used by the unnamed state-backed hackers has been mitigated. He added that the company notified law enforcement about the attack and published a list of indicators of compromise (IOCs) to help other organizations identify similar attacks.
“We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information regarding these threats,” Phan said.