Hackers attempt to breach Cloudflare
Cloudflare reported that a nation-state attacker was behind the attack, which was conducted as reconnaissance.
Cloudflare has reported that a nation-state attacker tried to gain access to the company’s network using access tokens and credentials stolen in an Okta breach in 2023.
According to the company, the cyberattack, which occurred in November 2023, was conducted as reconnaissance and aimed at obtaining persistent and widespread access to Cloudflare’s global network.
Cloudflare’s investigations between 14 and 17 November 2023 showed that the attackers conducted reconnaissance and accessed the company’s internal wiki and bug database; additional access was detected on 20 and 21 November. The attackers then gained persistent access to the company’s Atlassian server on 22 November, after which they attempted to gain access to a console server that had access to a Cloudflare data centre in Brazil, which, according to the company, had not yet been put into production.
Cloudflare claims that the attackers were removed from the systems on 24 November. The company has created a project called Code Red to learn more about the attack and prevent similar intrusions in future.
In a blog post, the company assured customers that no Cloudflare customer data or systems were impacted and stressed that the threat actor’s ability to move laterally was limited by access controls, firewall rules and the use of hard security keys enforced using Cloudflare’s own zero-trust tools.