Cloudflare Says State-Backed Hackers Tried to Burrow Into its Global Network

Internet firm Cloudflare said in a statement on Thursday that an advanced group of hackers tried to burrow deep into its global network late last year but were thwarted.

The company, which did not identify the hackers, said in a blog post that it had discovered the intruders on Thanksgiving in late November and ejected them the following day. The spies were able to access “some documentation and a limited amount of source code” but Cloudflare said the operational impact of the intrusion was “extremely limited.”

“Based on our collaboration with colleagues in the industry and government, we believe that this attack was performed by a nation state attacker with the goal of obtaining persistent and widespread access to Cloudflare’s global network.”

Cloudflare said it had called in cybersecurity firm CrowdStrike to help remediate the breach and that the company confirmed that the last evidence of “threat activity” was left on Nov. 24.

CrowdStrike did not immediately respond to a request for comment. The FBI and the American cyber watchdog agency CISA also did not immediately respond to a message seeking comment.

Cloudflare offers a suite of web and application services, including content delivery and network protection. A large chunk of the internet relies on the San Francisco-based company to deliver its web content to users, so any disruption to its network can have serious knock-on effects.