The breach first came to light on June 27 when anomalous activity was detected on an internal orchestration system. The investigation traced the incident back to a spear-phishing campaign initiated by the threat actor on June 22, which resulted in unauthorized access to a specific section of JumpCloud’s infrastructure.
