Cloudflare, a web security company, recently uncovered that a threat actor, potentially state-sponsored, gained unauthorized access to its internal systems using stolen credentials. The incident was discovered on November 23, and it was revealed that the attacker used compromised credentials from the 2023 Okta hack. While the attackers managed to access some internal systems, network segmentation prevented them from accessing the Okta instance and Cloudflare’s dashboard. The attackers searched for information on the Cloudflare network, viewed code repositories, and downloaded some source code but did not exfiltrate them. Cloudflare has taken steps to improve security and prevent further unauthorized access. The attack aimed to obtain information about Cloudflare’s infrastructure. A separate investigation by CrowdStrike found no evidence of additional compromise.
https://www.securityweek.com/cloudflare-hacked-by-suspected-state-sponsored-attacker/