TLDR: Cloudflare has announced that it experienced a breach in which nation-state hackers accessed its source code and internal documents. The intrusion, detected in November 2023, involved stolen credentials and was carried out by a “sophisticated” actor with the aim of obtaining widespread access to Cloudflare’s global network. As a precautionary measure, Cloudflare rotated credentials, segmented systems, and conducted forensic triages. The attack involved a four-day reconnaissance period and resulted in the exfiltration of 76 source code repositories, primarily related to how backups work, network configuration, identity management, remote access, and the use of Terraform and Kubernetes. The attack was made possible by using stolen access tokens and service account credentials associated with AWS, Atlassian Bitbucket, Moveworks, and Smartsheet, which were obtained in a hack of Okta’s support case management system. Cloudflare failed to rotate these credentials and has since terminated all malicious connections. Cybersecurity firm CrowdStrike performed an independent assessment of the incident.
Cloudflare Breach: Hackers snatch source code, infiltrate internal knowledge
Latest from News
CISA, FBI, DC3 alert: Watch out for Iran-based ransomware attacks
TLDR: CISA, FBI, and DC3 have issued an alert warning of Iran-based ransomware attacks targeting U.S. organizations. The cyber actors are connected to the
Are your funds secure with two-factor authentication? Think again
TLDR: Two-factor authentication (2FA) is a crucial tool in preventing cybercrime, but it has its limitations. While 2FA adds an extra layer of security,
Black Hat 2024 Cybersecurity Pulse Report – Don’t Miss Out
Cybersecurity Pulse Report Summary TLDR: Key Points Cybersecurity Pulse Report Black Hat 2024 Edition provides expert insights into critical security challenges. AI-driven analysis compiles
Moody’s: Cyber Insurance Competition Rises, Prices Fall
Moody’s Ratings Article Summary TLDR: Key Points: Cyber insurance market poised for growth as cyberattacks increase. New entrants in the market may lead to
Gen Alpha: Cybersecurity meets AI in a digital era
TLDR: Generation Alpha, children of Millennials, are growing up in an AI-native world where AI is an integral part of daily life. Cybersecurity in