Cloudflare detected a threat actor on the self-hosted Atlassian server. The attack was initiated using a single stolen access token and three compromised service account credentials, which were kept the same after the Okta compromise in October 2023.
Source: GBHackers