Security incident at Cloudflare

In November 2023, Cloudflare detected the presence of a threat actor on its Atlassian server. Following an immediate investigation, the actor's access was cut off and a collaboration with CrowdStrike's forensics team was initiated for independent analysis. Although the incident did not affect Cloudflare's customers' data or systems, due to its robust security controls, the actor was found to have accessed limited documentation and source code.

The threat actor leveraged credentials stolen during the Okta attack in October 2023 to gain access to Cloudflare's Atlassian services. Despite not gaining access to the company's global network or sensitive customer data, the actor sought information about Cloudflare's network architecture and security. After identifying and blocking the actor's access, Cloudflare launched an initiative called Code Red to further strengthen its security controls and prevent future intrusions.