virus logo Threat Signal Report

JumpCloud Supply-Chain Attack

Description

What is JumpCloud? JumpCloud is a U.S. based IT service provider that offers central access control and device management centralized user, device and application management for enterprises.
What is the Attack? According to the advisory published by JumpCloud, an unnamed nation-state threat actor compromised the company's systems through a spear-phishing attack in late June 2023. While the details of the attack were not released, the attack was allegedly intended to steal cryptocurrency and affected JumpCloud customers.
Why is this Significant? This is significant because it is a new supply chain attack, following another notable supply-chain attack that hit 3CX in March of this year. While this attack is believed to be financially motivated, the perpetrators may have deployed destructive malware (ransomware, wipers, etc.) or engaged in other malicious activities.
What FortiGuard Coverage is available?
All network IOCs on the JumpCloud advisory are blocked by Webfiltering.

Appendix

[Security Update] Incident Details (JumpCloud)

July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)




ID 57
Date Jul 20, 2023
Threat/
Vulnerability		 Supply-Chain Attack
Threat Actor Type Nation State
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services