Cloudflare Security Incident: A Detailed Analysis
Cloudflare, a leading internet security and performance company, recently experienced a security incident involving a threat actor gaining access to their self-hosted Atlassian server. In this blog post, we will provide a detailed analysis of the incident, including the timeline of events, the actions taken by Cloudflare to mitigate the threat, and the impact on their systems and data.
The incident started on Thanksgiving Day, November 23, 2023, when Cloudflare detected the presence of a threat actor on their Atlassian server. The security team immediately launched an investigation and cut off the threat actor’s access. On November 26, CrowdStrike’s Forensic team was brought in to conduct an independent analysis of the incident.
According to the investigation, the threat actor gained access to Cloudflare’s internal wiki and bug database using stolen credentials. They performed reconnaissance and accessed various Jira tickets and wiki pages related to the architecture, security, and management of Cloudflare’s global network. The threat actor also attempted to access a console server in Cloudflare’s new data center in São Paulo, Brazil, but their attempts were unsuccessful.
It was determined that the stolen credentials were not rotated after the Okta compromise in October 2023. This oversight allowed the threat actor to establish persistent access to Cloudflare’s Atlassian server. However, due to Cloudflare’s access controls, firewall rules, and use of hard security keys enforced using their Zero Trust tools, the threat actor’s ability to move laterally and compromise other systems was limited.
Cloudflare emphasizes that no customer data or systems were impacted by this incident. The threat actor’s access was restricted to the Atlassian environment, and no
注意
- この記事はAI(gpt-3.5-turbo)によって自動生成されたものです。
- この記事はHackerNewsに掲載された下記の記事を元に作成されています。
Cloudflare Thanksgiving 2023 Security Incident - 自動生成された記事の内容に問題があると思われる場合にはコメント欄にてご連絡ください。