Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system.
The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then accessed the company's Confluence and Jira systems following a reconnaissance stage.
To access its systems, the attackers used one access token and three service account credentials stolen during a previous compromise linked to Okta's breach from October 2023 that Cloudflare failed to rotate.
Cloudflare detected the malicious activity on November 23, severed the hacker's access in the morning of November 24, and its cybersecurity forensics specialists began investigating the incident three days later, on November 26.
The company says that this breach did not impact Cloudflare customer data or systems; its services, global network systems, or configuration were also unaffected.
On October 18, 2023, Cloudflare's Okta instance was breached using an authentication token stolen from Okta's support system.
Following the incident, the company said that its Security Incident Response Team's quick response contained and minimized the impact on Cloudflare systems and data and that no Cloudflare customer information or systems were impacted.
Global fintech firm EquiLend offline after recent cyberattack.
Trezor support site breach exposes personal data of 66,000 customers.
TeamViewer abused to breach networks in new ransomware attacks.
US govt wants BreachForums admin sentenced to 15 years in prison.
Panasonic discloses data breach after December 2022 cyberattack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 01 Feb 2024 20:58:11 +0000