The Lapsus $ hackers used the alleged credentials to break into Sitel’s main network services in January, days before accessing the internal systems of the giant verification in October, according to documents in Noted by TechCrunch that it provides more details on the current cyber penetration. it is revealed.
Consumers only learned of the January security breach of October on March 22 after hacking group Lapsus $ published screenshots showing that it had access to the software and Okta’s internal systems two months ago. Okta agreed in a blog post, which later confirmed that 366 of its corporate customers would be affected by the breakdown, or at least 2.5% of its value.
The documents provide the most detailed account to date of Sitel’s controversy, which allowed hackers to gain access to Okta’s website.
Okta is used by thousands of companies and governments around the world as a single sign -on provider, allowing employees to seamlessly access a company’s internal systems, such as emails. , applications, archives and more.
The documents, obtained by an independent security researcher Bill Demirkapi and shared with TechCrunch, to include a Sitel customer talk posted on Jan. 25 – more than a week after hackers first disputed his site – as well as a detailed account Sitel’s entry compiled by the Mandiant response team was recorded on March 17 in the same October.
According to the documents, Sitel said it was aware of the security breach at its VPN gateways on a legacy website of Sykes, a customer service company operating for October that Sitel acquired in 2021. VPNs , or virtual private networks, is often a goal. because they can be used to remotely access a company’s website.
The timeline shows how hackers use remote access services and hacking tools that the public can modify and navigate Sitel’s website, giving in -depth insight into the site in five days. earns Lapsus $. Sitel said his Azure footprint was compromised by hackers.
According to the time, hackers entered a platform on Sitel’s internal website before January 21 called “DomAdmins-LastPass.xlsx.” The filename in the page displays the passwords for administrator accounts that were taken from the LastPass password manager by a Sitel employee.
About five hours later, hackers created a new Sykes user account and linked the account to a group of users called “hackers,” who gained access to the group. , may create a “backdoor” account on Sitel’s website that is accessible to hackers. use them if they are seen and locked. Lapsus $ hackers are hacking Okta’s network around the same time, similar to the time of Okta’s events.
The timeline shows that hackers gained access to Sitel’s website on January 21 at 2 pm (UTC), about 14 hours after accessing the database. Sitel released a business password in an attempt to lock down attackers.
Okta stood trial for failing to notify customers of Sitel’s breach after receiving Mandiant’s report dated March 17. The managing director of Okta’s David Bradbury said the industry was “moving faster to understand its consequences.”
Okta could not say when it was received before the shooting. Sitel and Mandiant did not dispute the evidence but declined to comment.
Okta is one of the biggest names in the Lapsus $ hacking and extortion group in recent months. The group Lapsus $ first appeared on the hacking site in December after Brazil’s Ministry of Health investigated a cyberattack that stole 50 terabytes of data, with the knowledge of the detention of citizens. Since then, the company has tracked down several Portuguese -language companies, as well as Big Tech companies such as Samsung, Nvidia, Microsoft and Okta, alleging that it had entered and stolen data in tens of thousands. thousands of his Telegram style, while often doing the usual things. demand that the stolen files of victims not be published;
UK police said last week they had arrested seven people involved in the events, aged between 16 and 21.
If you have more information about a breach or work on Okta or Sitel, contact the security desk at Signal at +1 646-755-8849 or [email protected] by email.