Cybersecurity company SentinelOne has attributed the recent JumpCloud cyberattack to North Korean advanced persistent threat (APT) actors. JumpCloud stated that a spear-phishing email campaign targeted customers on June 22. The operation allowed attackers to inject commands into JumpCloud’s framework a few weeks later.
JumpCloud stated that the attack was highly focused on a small set of customers, which is indicative of a sophisticated nation-state threat actor. SentinelOne concurred that the indicators of compromise (IoCs) are consistent with previous DPRK campaigns. JumpCloud did not specify which customers were affected or what data was compromised. The company services over 180,000 organizations. Mandiant reached a similar conclusion after researching a downstream victim of the attack. The cybersecurity firm listed the DPRK’s Reconnaissance General Bureau (RGB) as the likely culprit. The financially motivated threat actor frequently targets cryptocurrency organizations and blockchain platforms.