Tuesday, December 24, 2024
HomeCyber AttackJumpCloud Hacked - Attackers Compromised The Systems Via Spear-phishing Attack

JumpCloud Hacked – Attackers Compromised The Systems Via Spear-phishing Attack

Published on

SIEM as a Service

JumpCloud, an American commercial software company, has announced a data breach attributed to a spear phishing attack launched by a sophisticated nation-state-sponsored threat actor.

As a result, the threat actor (Nation-state) gained unauthorized access to JumpCloud systems to target a small and specific set of its customers.

Spear phishing is a type of phishing attack that targets a specific individual, organization, or business with a personalized email or message that looks authentic and comes from a trusted source.

- Advertisement - SIEM as a Service

JumpCloud’s cloud-based directory as a service platform is used to securely manage users’ identity, devices, and access across things such as VPN, Wi-Fi, Servers, and workstations.

A nation-state threat actor is a government-sponsored group that forcefully targets and gains illicit access to the networks of other governments or industry groups to steal, damage, and/or change information.

These types of attackers, in particular, go to extreme lengths to cover their tracks and make it difficult to trace their campaigns back to their country of origin. Often, they will plant “false flags” to mislead cyber investigators.

The goal of spear phishing is to get the target to reveal private information, download malware, or lose money.

On June 27 the organization discovered malicious activity in the internal system they accessed a specific area of the infrastructure but they did not find any evidence at that time about the impacts.

To avoid the potential danger, they took immediate measures to rebuild infrastructure and took a number of other actions to further secure our network and perimeter.

Also they combine with Incident Response (IR) partners to analyze the system, they also contacted law enforcement for investigation.

On July 5 at 3:35 UTC (Coordinated Universal Time) they found another unusual activity in commands frameworks.

At that time they have evidence of customer impacts so they worked with that impacted customers and help them with more security measures.

The organization decided to execute force-rotation of all admin API keys beginning on July 5 at 23:11 UTC.

They found that attackers inject the data into the command framework moreover they target only certain customers.

This incident made the organization learn to create and now share a list of IOCs (Indicators of Compromise) that we have observed for this campaign.

Also Read:

https://gbhackers.com/lazarus-attack-iis-servers
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email...