Cloudflare Hacked by Nation-State Actor
Cloudflare, a web security and CDN company, was hacked in November 2023 by a threat actor using credentials stolen from Okta, an identity and access management provider, in a previous breach. The attacker accessed Cloudflare’s internal systems, code repositories, and AWS environment, and tried to obtain information on its network architecture and security.
Cloudflare detected and contained the attack within a day and launched a remediation effort that involved rotating over 5,000 credentials, triaging close to 5,000 systems, and reimaging and rebooting every machine within its global network. Cloudflare believes the attack was performed by a nation-state but did not name the suspected country.
Read more at SecurityWeek.