US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.
On July 5, JumpCloud discovered “Unusual activity in the commands framework for a small set of customers” while investigating the attack and analyzing logs for signs of malicious activity in collaboration with IR partners and law enforcement.
“Continued analysis uncovered the attack vector: data injection into our commands framework. The analysis also confirmed suspicions that the attack was extremely targeted and limited to specific customers,” JumpCloud CISO Bob Phan said.
Together with the incident details shared in the advisory JumpCloud also released indicators of compromise to allow partners to secure their networks from similar attacks from the same threat group.
JumpCloud has yet to provide any information on the number of customers impacted by the attack and hasn’t linked the APT group behind the breach with a specific state.
In January, JumpCloud also investigated the potential impact of a CircleCI security incident on its customers.