The latest Lapsus$ hack documents raise questions about Okta's response

Since it was first reported that the digital extortion group Lapsus$ had breached the identity platform Okta through one of the company's subprocessors, customers and companies across the technology industry have been trying to understand the true scope of the incident. The subprocessor, Sykes Enterprises, part of the business services outsourcer Sitel Group, confirmed publicly last week that it suffered a data breach in January 2022. Meanwhile, leaked documents show Sitel's initial notification to customers, including Okta, on January 25, and a detailed "Intrusion Timeline" dated March 17.

The documents raise critical questions about Sitel/Sykes' security posture before the break-in, and they highlight gaps in Okta's response to the incident. Okta and Sitel declined to comment on the documents, which were obtained by independent security researcher Bill Demirkapi and shared with WIRED.

When the Lapsus$ group released screenshots on March 21 claiming it had breached Okta, the company said it had first received Sitel's breach report on March 17. But after sitting on that report for four days, Okta appeared to have been caught off guard when the hackers took the information public. The company initially said, "Okta's service has not been breached." WIRED does not know the full story, but the "Intrusion Timeline" alone is likely to be alarming for a company like Okta, which holds the keys to the kingdom for thousands of major organizations. Okta said last week that the "highest impact" of the breach reached 366 customers.

The timeline, apparently compiled by security researchers at Mandiant or based on data the firm collected, shows that the Lapsus$ group was able to use well-known and widely available hacking tools, like the password-grabbing tool Mimikatz, to rampage through Sitel's systems. Early on, the attackers gained enough privileges on the system to disable the security monitoring tools that could have flagged the intrusion quickly. The timeline shows that the attackers first compromised Sykes on January 16, escalated their attack on the 19th and 20th, and ended their activity on the afternoon of the 21st, a point the timeline labels "Complete Mission."

"It's an embarrassing intrusion timeline for the Sitel team," Demirkapi said. "The attackers did not try to maintain operational security. They literally searched the internet on their compromised machine for known malicious tools, to download them from official sources."

Although Sitel and Okta were both notified at the end of January, it is not clear why the two organizations did not respond more broadly and quickly while the investigation by Mandiant continued. Mandiant declined to comment on this story.

Okta told the public that it saw suspicious activity on a Sykes employee's Okta account on January 20 and 21 and shared that information with Sitel at the time. Sitel's "Customer Communication" on January 25 was a sign that the situation was more serious than Okta had previously anticipated. The Sitel document describes "a… security incident in our VPN gateways, Thin Kiosks, and SRW servers."
