JumpCloud attributes breach to nation-state threat operation

TechCrunch reports that U.S cloud-based directory services firm JumpCloud had its customers' API keys invalidated earlier this month due to a breach by an unspecified sophisticated state-sponsored threat operation. Attackers launched a spear-phishing campaign against JumpCloud systems on June 22, with anomalous activity initially detected on June 27 before being identified in limited customers' commands framework on July 5, which then prompted the firm to perform a universal reset of admin API keys, according to JumpCloud Chief Information Security Officer Bob Chan. No other details regarding the extent of the attack or the intrusion's link to nation-state threat actors have been provided but JumpCloud noted that mitigations have been done for the attack vector used in the compromise. "We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information related to this threat," said Chan.