Cloudflare Hacked — Company Reveals Details Of November 2023 Cyberattack, Blames Previous Okta Breach • OopsWTF

Cloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach.

The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on November 23, 2023, a threat actor accessed the company’s self-hosted Atlassian server.

Cloudflare’s security team quickly spotted the incursion and cut the attackers off. However, subsequent investigation revealed that the attackers managed to access Cloudflare’s endpoints by using credentials that were compromised in the Okta breach that happened a month earlier.

Stealing source code

For those needing a refresher, hackers broke into Okta in October 2023 and stole client session cookies, which gave them access to those companies’ networks.

They were able to do so by obtaining login credentials for Okta’s support case management system. While initially the company believed the incident affected 1% of its client base, further investigation uncovered that all of its clients were affected.

Despite limited access due to Cloudflare’s security measures, the threat actor managed to infiltrate the Atlassian environment, accessing “some documentation and a limited amount of source code”.

No customer data or systems were compromised, and Cloudflare’s Zero Trust tools helped contain lateral movement, the company further explained. The threat actor’s activity was traced from November 14 to 24, during which they accessed internal systems, performed reconnaissance, and attempted to establish persistent access. The attacker’s focus was on gaining insights into Cloudflare’s network architecture and security.

In response, Cloudflare launched a “Code Red” remediation effort, involving the rotation of over 5,000 credentials, forensic analysis of systems, and a thorough review of security protocols. Hackers were ousted on November 24, Cloudflare added, saying CrowdStrike provided independent validation of the claims.

The company believes the attack was orchestrated by a nation-state, as it was “methodical and thoughtful”, but did not say which one.

More from TechRadar Pro

https://www.techradar.com/rss

Sead Fadilpa&scaron;ić

February 2, 2024 1:51 pm

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cloudflare hacked — company reveals details of November 2023 cyberattack, blames previous Okta breach

Stealing source code

More from TechRadar Pro

Leave a ReplyCancel reply

Michael REACTS to WILD Woke Relationships Gone WRONG pt. 2

UNC Chapel Hill Defunds DEI

Getting older isn’t a bad thing

Here we go again!

Kamala Harris Drops F-Bomb at WH Event

Matt Walsh Reacts To Feminist TikToks

Michael Knowles Vs @LibsofTikTok: FACE-OFF

Ben Reacts To Woke Tiktoks | Trump Derangement

Stealing source code

More from TechRadar Pro

You May Like This --

Leave a ReplyCancel reply