A week after JumpCloud reset the API keys for impacted customers following a security incident, the company blamed the intrusion to a highly sophisticated nation-state actor. The U.S. enterprise software firm noticed suspicious activity on June 27, 2023, within an internal orchestration system, which they traced back to a spear-phishing campaign initiated by the attacker on June 22.
Although JumpCloud promptly implemented security measures like rotating credentials and rebuilding systems to safeguard their network, it wasn’t until July 5 that they detected “unusual activity” in the commands framework affecting a small group of customers. In response, the company took immediate action by forcing all admin API keys to rotate.
Read More: JumpCloud Blames ‘Sophisticated Nation-State’ Actor for Security Breach
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.