back to article JumpCloud says 'nation state' gang hit some customers

JumpCloud says a "sophisticated nation-state" attacker broke into its IT systems and targeted some of its customers. The identity and access management provider, particularly popular with sysadmins wrangling Macs on corporate networks, said it first discovered signs of an intrusion on June 27. The biz at the time determined …

  1. Michael Hoffmann Silver badge
    Meh

    At least JC is dealing with this in a pretty open and exemplary manner, as frustrating (yet another one?) as it is. Though I'm still waiting for the first notification: so far, it's only been through the tech media.

    I've used them for years, not the least because I love their "free for up to 10 users" policy. Unlike others (looking at you, Okta)

  2. ChoHag Silver badge

    Sophisticated attacker? Did they forget to change the default passwords?

  3. Bitsminer Silver badge

    spear-fishing

    The notion of "network architect" is seriously undermined by the placement of any kind of email client anywhere near a prized, central corporate asset such as an authentication service.

    Especially if that service is your actual business.

    There are no words.

  4. Anonymous Coward
    Terminator

    Sophisticated spear-phishing campaign?

    Sophisticated spear-phishing campaign: someone emailed management and tricked them into clicking on a malicous weblink or opening a compromised email attachment.

    JumpCloud .. rotated its credentials, rebuilt the compromised infrastructure, and "took a number of other actions to further secure our network and perimeter"

    In this day-and-age best not to have a perimeter. Have all users log-in through a VPN using credentials residing on a hardware dongle.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like