State Actor Targets JumpCloud in Spear Phishing Attack

JumpCloud, a software company providing a platform for organizations to manage users, devices, and access to IT resources, recently faced a security incident. The company has identified the incident as a state-sponsored attack targeting a small number of specific customers.

The attackers gained access to JumpCloud’s systems through a spear phishing campaign, and the company rotated all admin API keys as a precautionary measure.

Details of the Attack

The spear phishing campaign that led to the breach took place on June 22. JumpCloud detected suspicious activity on an internal system five days later, on June 27. At that point, the company reported no visible consequences for customers. In response to the detected activity, JumpCloud decided to rebuild the affected infrastructure and change login details.

However, on July 5, the company observed suspicious activity in the “commands framework” of a small number of customers. JumpCloud has not specified the exact number of affected customers. Upon discovering this activity, JumpCloud decided to rotate the API keys.


  • Get the IOC from JumpCloud (Link)
Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.
