Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England
Authentication services provider Okta on Wednesday named Sitel as the third party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
"On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account," Okta's Chief Security Officer, David Bradbury, said in a statement.
The disclosure comes after LAPSUS$ posted screenshots of Okta's apps and systems earlier this week, about two months after the hackers gained access to the company's internal network over a five-day period between January 16 and 21, 2022, using Remote Desktop Protocol (RDP), until the MFA activity was detected and the account was suspended pending further investigation.
Contrary to its name, SuperUser, Okta said, is used to perform basic management functions associated with its customer tenants and operates with the principle of least privilege in mind, granting support personnel access to only those resources that are pertinent to their roles.
Okta, which has faced criticism for its delay in notifying customers about the incident, noted that it shared indicators of compromise with Sitel on January 21, which then engaged the services of an unnamed forensic firm that, in turn, went on to carry out the investigation and share its findings on March 10, 2022.
According to a timeline of events shared by the company, "Okta received a summary report about the incident from Sitel" last week on March 17, 2022.
News URL
https://thehackernews.com/2022/03/researchers-trace-lapsus-cyber-attacks.html