JumpCloud has released more information about the data breach it suffered, saying it was orchestrated by a “sophisticated nation-state sponsored threat actor.”

JumpCloud is a Colorado-based company that provides “unified device and identity access management” services. The company began alerting customers last week of an incident that began on June 22 and was first noticed by the company on June 27.

“As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers,” writes Bob Phan, Chief Information Security Officer (CISO). “Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.”

Phan says collaboration is the key to stopping such attacks.

“These are sophisticated and persistent adversaries with advanced capabilities. Our strongest line of defense is through information sharing and collaboration. That’s why it was important to us to share the details of this incident and help our partners to secure their own environments against this threat. We will continue to enhance our own security measures to protect our customers from future threats and will work closely with our government and industry partners to share information related to this threat.”

Unfortunately, such attacks are become increasingly common amid ongoing geopolitical tensions and trade wars.