JumpCloud Supply-Chain Attack

FortiGuard Security Advisory

What is JumpCloud?

JumpCloud is a U.S.-based IT service provider that offers central access control and centralized user, device and application management for enterprises.

What is the Attack?

According to the advisory published by JumpCloud, an unnamed nation-state threat actor compromised the company’s systems through a spear-phishing attack in late June 2023. While the details of the attack were not released, the attack was allegedly intended to steal cryptocurrency and affected JumpCloud customers.

Why is this Significant?

This is significant because it is a new supply-chain attack, following another notable supply-chain attack that hit 3CX in March of this year. While this attack is believed to be financially motivated, the perpetrators may have deployed destructive malware (ransomware, wipers, etc.) or engaged in other malicious activities.

What FortiGuard Coverage is available?

All network IOCs listed in the JumpCloud advisory are blocked by Webfiltering.