Subj : Cloudflare hacked  company reveals details of November 2023 cyber
To   : All
From : TechnologyDaily
Date : Fri Feb 02 2024 15:00:05

Cloudflare hacked  company reveals details of November 2023 cyberattack, 
blames previous Okta breach

Date:
Fri, 02 Feb 2024 14:51:43 +0000

Description:
A nation-state threat actor used previously breached credentials to target 
Cloudflare and steal important documents.

FULL STORY
======================================================================

Cloudflare is laying the blame for the cyberattack it suffered late last year 
the after-effects of the critical Okta breach . 

The content delivery service provider has published a blog post detailing the 
cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on 
November 23, 2023, a threat actor accessed the companys self-hosted Atlassian 
server. 

Cloudflares security team quickly spotted the incursion and cut the attackers 
off. However, subsequent investigation revealed that the attackers managed to 
access Cloudflares endpoints by using credentials that were compromised in 
the Okta breach that happened a month earlier. Stealing source code 

For those needing a refresher, hackers broke into Okta in October 2023 and 
stole client session cookies, which gave them access to those companies 
networks. 

They were able to do so by obtaining login credentials for Oktas support case 
management system. While initially the company believed the incident affected 
1% of its client base, further investigation uncovered that all of its 
clients were affected. 

Despite limited access due to Cloudflare's security measures, the threat 
actor managed to infiltrate the Atlassian environment, accessing some 
documentation and a limited amount of source code. 

No customer data or systems were compromised, and Cloudflare's Zero Trust 
tools helped contain lateral movement, the company further explained. The 
threat actor's activity was traced from November 14 to 24, during which they 
accessed internal systems, performed reconnaissance, and attempted to 
establish persistent access. The attacker's focus was on gaining insights 
into Cloudflare's network architecture and security. 

In response, Cloudflare launched a "Code Red" remediation effort, involving 
the rotation of over 5,000 credentials, forensic analysis of systems, and a 
thorough review of security protocols. Hackers were ousted on November 24, 
Cloudflare added, saying CrowdStrike provided independent validation of the 
claims. 

The company believes the attack was orchestrated by a nation-state, as it was 
methodical and thoughtful, but did not say which one. More from TechRadar Pro 
CISA is now warning government agencies to patch Ivanti flaws immediately 
Here's a list of the best firewalls around today These are the best endpoint 
security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/cloudflare-hacked-company-reveals-detai
ls-of-november-2023-cyberattack-blames-previous-okta-breach


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.