US enterprise software firm JumpCloud says a state-backed hacking group breached its systems nearly a month ago in a highly targeted attack focused on a limited set of customers.

The company discovered the incident on June 27, a week after attackers penetrated its systems via a spear-phishing attack.

Although JumpCloud found no evidence that its customers were affected at the time, the company decided to rotate credentials and rebuild the compromised infrastructure.

On July 5, JumpCloud discovered “unusual order activity for a small group of customers” while investigating the attack and analyzing logs for signs of malicious activity in conjunction with IR partners and law enforcement.

On the same day, the company forced rotation of all admin API keys to protect customer organizations and notified them to generate new keys.

“Continued analysis revealed the attack vector: data injection into our command framework. The analysis also confirmed suspicions that the attack was highly targeted and limited to specific customers,” Bob Phan, CISO of JumpCloud, said.

“They are sophisticated and persistent adversaries with advanced capabilities. Our strongest line of defense is through information sharing and collaboration.”

Along with details of the incident shared in the advisory, JumpCloud also posted Indicators of Compromise (IOCs) to enable partners to secure their networks against similar attacks from the same threat group.

JumpCloud has not yet provided information on the number of customers affected by the attack and has not linked the APT group causing the breach to a specific state.

“We will continue to improve our own security measures to protect our customers against future threats and will work closely with our government and industry partners to share information related to this threat,” Phan said.

In January, JumpCloud also investigated the potential impact of the CircleCI security incident on its customers.

Founded in 2013 and based in Louisville, Colorado, directory-as-a-service platform JumpCloud provides single and multi-factor authentication services to more than 180,000 organizations in more than 160 countries.
