TechCrunch reports that U.S. cloud-based directory services firm JumpCloud had its customers' API keys invalidated earlier this month due to a breach by an unspecified sophisticated state-sponsored threat operation.
Attackers launched a spear-phishing campaign against JumpCloud systems on June 22. Anomalous activity was initially detected on June 27 and was then identified in the commands framework for a limited set of customers on July 5, which prompted the firm to perform a universal reset of admin API keys, according to JumpCloud Chief Information Security Officer Bob Chan.
No other details regarding the extent of the attack or the intrusion's link to nation-state threat actors have been provided, but JumpCloud noted that the attack vector used in the compromise has been mitigated.
"We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information related to this threat," said Chan.