Security News > 2022 > March > Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.

"On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer' Okta account ," Okta's Chief Security Officer, David Bradbury, said in a statement.

The disclosure comes after LAPSUS$ posted screenshots of Okta's apps and systems earlier this week, about two months after the hackers gain access to the company's internal network over a five-day period between January 16 and 21, 2022 using remote desktop protocol until the MFA activity was detected and the account was suspended pending further probe.

Contrary to its name, SuperUser, Okta said, is used to perform basic management functions associated with its customer tenants and operates with the principle of least privilege in mind, granting support personnel access to only those resources that are pertinent to their roles.

Okta, which has faced criticism for its delay in notifying customers about the incident, noted that it shared indicators of compromise with Sitel on January 21, which then engaged the services of an unnamed forensic firm that, in turn, went on to carry out the investigation and share its findings on March 10, 2022.

According to a timeline of events shared by the company, "Okta received a summary report about the incident from Sitel" last week on March 17, 2022.

News URL

https://thehackernews.com/2022/03/researchers-trace-lapsus-cyber-attacks.html