2024-02-02
277
1 minutes.


Cloudflare Official Post: How your server was hacked in November and what it means for your business security

Cloudflare reported that its internal Atlassian server was hacked by an attacker suspected of countering the state. As a result of the incident, the Confluence wiki, the Jira bug database, and the Bitbucket source code management system were compromised.

Hacking Cloudflare's internal Atlassian server

Gaining access to systems

Hacker gained access to the company's Atlassian server for the first time Cloudflare November 14. Subsequently, he was able to penetrate the Confluence and Jira systems.

Cloudflare Official Post How your server was hacked in November and what it means for your business security

After this, on November 22, the attacker established permanent access to the Atlassian server using ScriptRunner for Jira. He also gained access to a source control system that used Atlassian Bitbucket. Attempts to access the console server associated with Cloudflare's data center in Sao Paulo, Brazil were unsuccessful.

said Cloudflare CEO Matthew Prince, CTO John Graham-Cumming and CISO Grant Burzikas.

Using Stolen Data

The attackers used an access token and credentials stolen from an earlier attack on Okta in October 2023. This data is linked to the cybersecurity systems of large corporations. Cloudflare was reportedly unable to recover data from this attack.

Cloudflare Official Post How your server was hacked in November and what it means for your business security

Incident detection and response

On November 23, Cloudflare detected malicious activity and immediately terminated access hacker. After this, the company's cybersecurity specialists began an investigation. Work to eliminate the consequences of the incident was completed on January 5.

Cloudflare Official Post How your server was hacked in November and what it means for your business security

Cloudflare Statement

The company says the breach did not impact customer data or systems . Services and network systems were also not affected.

Cloudflare believes that the attack was carried out by an attacker against a nation state in order to gain constant and widespread access to the company's global network. During the attack, the attackers sought information about the architecture, security and management of the Cloudflare network.

Answers to questions

What information did the attacker get when hacking the Cloudflare server?

The attacker gained access to the Confluence wiki, the Jira bug database, and Cloudflare's Bitbucket source code management system.

What methods did the attacker use to ensure constant access to the Atlassian server?

The attacker used ScriptRunner for Jira to establish persistent access to Cloudflare's Atlassian server.

What steps has Cloudflare taken to address the breach?

Cloudflare rotated all production credentials, physically segmented systems, performed forensic triage of systems, created new images, and rebooted all systems in the company's global network, including all Atlassian servers (Jira , Confluence and Bitbucket) and machines accessible to the attacker.

Additional information

  • Cloudflare is a security and web traffic optimization.
  • Atlassian is a developer of software, including project and source code management systems.
  • Confluence is a wiki platform used for collaboration on documentation.
  • Jira is a project and bug management system.
  • Bitbucket is a source code management system.

Links


Copywriter Elbuz
Brief description
Cloudflare has reported that its internal Atlassian server has been hacked, causing serious security implications. Find out more about what happened and how it may affect your company.
Article Target
Provide information and advice on maintaining data security after a Cloudflare server hack
Style
Informative
Target audience
Business owners, IT specialists, anyone interested in data security and information protection


Contents:



Save a link to this article

Discussion of the topic – Cloudflare Official Post: How your server was hacked in November and what it means for your business security


Cloudflare has reported that its internal Atlassian server has been hacked, causing serious security implications. Find out more about what happened and how it may affect your company.


There are no reviews for this product.


Captcha


Next