HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Government‑Backed Hackers Exploit Cloudflare Storage for Malaysian Espionage Campaign

State‑sponsored actors leveraged Cloudflare’s storage services to host hidden command‑and‑control infrastructure and steal data from Malaysian government entities, highlighting the risk of third‑party cloud abuse in supply‑chain attacks.

LiveThreat™ Intelligence · 📅 May 19, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
hackread.com

Government‑Backed Hackers Exploit Cloudflare Storage for Malaysian Espionage Campaign

What Happened — State‑sponsored actors leveraged Cloudflare’s storage platforms (R2, Workers KV) to host hidden command‑and‑control (C2) infrastructure and to exfiltrate data from targets in Malaysia. Security researchers observed anomalous traffic to Cloudflare‑hosted domains that were used to stage the espionage operation.

Why It Matters for TPRM

  • Third‑party cloud services can be repurposed as covert C2, bypassing traditional perimeter defenses.
  • Data exfiltration through legitimate cloud endpoints may evade DLP and network monitoring.
  • Reliance on a single provider without granular usage controls expands supply‑chain risk.

Who Is Affected — Government agencies and any Malaysian organizations that employ Cloudflare storage services (e.g., web applications, SaaS platforms).

Recommended Actions

  • Review contracts and security clauses with Cloudflare; ensure visibility into storage usage.
  • Enable detailed logging and alerting for Cloudflare‑origin traffic and DNS queries.
  • Deploy egress filtering and anomaly detection to spot unusual data flows to Cloudflare domains.
  • Conduct a risk assessment of all workloads that depend on Cloudflare’s edge services.

Technical Notes — Attack vector: abuse of Cloudflare storage (R2/Workers KV) for hidden C2 and data exfiltration. No specific CVE reported; the threat leveraged legitimate services rather than a software flaw. Likely exfiltrated classified or sensitive government data. Source: HackRead – Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign

📰 Original Source
https://hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

Point-in-time vendor reviews miss incidents like this.

Verisq AI Trust Operations replaces the annual questionnaire with continuous third-party monitoring — so vendor exposure becomes audit evidence, not a once-a-year guess.

See how Verisq AI Trust Operations works →