
New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack
2022-03-30 22:11

An independent security researcher has shared a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022.

Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta.

The authentication services provider revealed last week that on January 20, it was alerted to a new factor that was added to a Sitel customer support engineer's Okta account, an attempt that it said was successful and blocked.

The incident, which gave the threat actor access to nearly 366 Okta customers, occurred over a five-day window between January 16 and 21, during which the hackers carried out different phases of the attack, including privilege escalation after gaining an initial foothold, maintaining persistence, lateral movement, and internal reconnaissance of the network.

Okta claimed that it had shared indicators of compromise with Sitel on January 21 and that it received a summary report about the incident from Sitel only on March 17.

"Even when Okta received the Mandiant report in March explicitly detailing the attack, they continued to ignore the obvious signs that their environment was breached until LAPSUS$ shined a spotlight on their inaction," Demirkapi wrote in a tweet thread. The San Francisco-based company, in a detailed FAQ posted on March 25, acknowledged that its failure to notify its users about the breach in January was a "mistake."


News URL

https://thehackernews.com/2022/03/new-report-on-okta-hack-reveals-entire.html