Cloud tech firm Cloudflare on Thursday said that a group of hackers attempted to burrow into its global network in late 2023.
In a blog post, the company provided details on an attempted attack on and around Thanksgiving while stating that “no Cloudflare customer data or systems were impacted by this event.”
The blog post says: “From November 14 to 17, a threat actor did reconnaissance and then accessed our internal wiki (which uses Atlassian Confluence) and our bug database (Atlassian Jira). On November 20 and 21, we saw additional access indicating they may have come back to test access to ensure they had connectivity.
“They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system (which uses Atlassian Bitbucket), and tried, unsuccessfully, to access a console server that had access to the data centre that Cloudflare had not yet put into production in São Paulo, Brazil.”
The post goes on to state that the hackers achieved this by using one access token and three service account credentials that had been taken in an attack on IT service management firm Okta in October and that Cloudflare had failed to rotate afterwards.
The hackers stole "some documentation and a limited amount of source code" but the firm said the impact was "extremely limited."
The November breach was carried out by suspected government spies, Cloudflare said, without identifying the hackers.
“This was a security incident involving a sophisticated actor, likely a nation-state, who operated in a thoughtful and methodical manner,” the blog post says. “The efforts we have taken to ensure that the ongoing impact of the incident was limited and that we are well-prepared to fend off any sophisticated attacks in the future.”
Cloudflare also said that it had called in CrowdStrike to help remediate the breach and that the last evidence of “threat activity” was on 24 November.