
Cyber attack on Cloudflare by alleged state APT

Emergency intervention and investigation into the operations of an APT against the network security giant

Cloudflare suffered an advanced cyberattack that breached its Atlassian systems, resulting in the theft of documents and source code. The company responded by replacing credentials and isolating systems.


Cloudflare recently suffered a highly specialized cyber incursion, allegedly the work of a state-led Advanced Persistent Threat (APT). The attack took place between November 14 and 24, 2023 and was identified on the 23rd of the same month. It involved a breach of the company's Atlassian systems, resulting in unauthorized access to internal documents and portions of the source code.

Immediate interventions in response to the intrusion

In response to the attack, Cloudflare implemented emergency countermeasures, including replacing more than 5,000 operational credentials and physically isolating its testing and staging environments. A thorough forensic examination was conducted on 4,893 devices, after which each individual unit was rebooted before being returned to the global network infrastructure. The intrusion itself proceeded methodically: the attacker created an illegitimate Atlassian account, established a lasting presence on the servers, and then moved into the Bitbucket system using the adversary-simulation framework Sliver.

Damage assessment and preventive measures

According to assessments, the attacker viewed approximately 120 repositories and exfiltrated 76 of them. These included data related to backup processes, network configuration and infrastructure maintenance, as well as corporate identity and tooling such as Terraform and Kubernetes. Although the secrets stored in some of these repositories were encrypted, the corresponding cryptographic keys were promptly rotated as a precautionary measure. It should be noted that the APT's attempts to access a console in the non-operational data center in São Paulo were unsuccessful.

Cloudflare's organized response to the compromise

The perimeter the APT compromised, using credentials obtained in the October 2023 breach of Okta's support case management system, was limited to Cloudflare's Atlassian ecosystem. Analysis of the attacker's activity across wiki pages, bug tracking database reports and the source code it examined reveals a clear interest in the architectural details and security mechanisms of Cloudflare's network. The organization neutralized every malicious connection on November 24 and enlisted cybersecurity firm CrowdStrike for an in-depth investigation into how the attack unfolded.


02/04/2024 22:08

Editorial AI
