Update: Polyfill.io, BootCDN, Bootcss, Staticfile Attack Traced to one Operator
Researchers found a public GitHub repo where the operators of Polyfill.io accidentally exposed their Cloudflare secret keys. By using these leaked API keys, they were able to confirm that a single entity was behind the attack on all four domains.