Close Menu
    Facebook X (Twitter) Instagram
    Nintendo-Power
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Nintendo-Power
    Home»Top News»Lapsus $’s Okta Hack … a real walk in the park
    Top News

    Lapsus $’s Okta Hack … a real walk in the park

    Beatrice AshfordBy Beatrice AshfordMarch 30, 2022No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Lapsus $'s Okta Hack ... a real walk in the park
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Outsourcing part of your information system is not always a good idea, especially if the security of a third party company is poor. Hacking Okta will, in this perspective, become a textbook case. We already know that Lapsus $ hackers have set foot on the platform through Sitel, an Okta subcontractor. Security Analyst Bill Demigabi has now received a Sitel-appointed forensic report from Mandiant and a breach notice sent by the company to its clients and associates.

    This announcement was shared with Wired and TechCrunch. Indicates that hackers had early access through a VPN gateway provided by Sykes, a subsidiary acquired in 2021. Hackers were able to steal the user’s access to this network service. You can read the sequence of events in the forensic report released by Bill Demigaby on Twitter. We found out that it was a real walk in the park.

    The first link was added on January 16th and the last on January 21st. In between, the hackers progressed step by step, but without really worrying about operational security. Thus, they used the Internet connection of the compromised workstations to download the hacking tools they needed on GitHub. Download and run Process Explorer and Process Hacker software to detect and disable local FireEye security software. They downloaded and operated Mimikatz software to collect authenticated tokens stored locally and increase their access privileges. This allowed them to access other machines in the network.

    In one machine – the stroke of luck – they found an Excel sheet with administrator passwords! It was data export from Lastpass Password Manager. Using this information, hackers were able to quietly create their own admin account, after which they could log in. In other words, it was a backdoor. The journey ended unhindered by enforcing the rule of sending certain email accounts to accounts controlled by hackers. Being informed is always good.

    Also watch the video:

    After looking at these documents, Bill Demicopy places his finger on the sore spot. Why didn’t Okta start an investigation immediately in January? Why did he not move even after receiving Saital’s forensic report in March? Why are Sitel customers not notified immediately? These embarrassing questions obviously did not please Zoom, his boss, who asked him to withdraw his tweets. He was fired because he did not want to accept this condition.

    proof’s: Wired, Tech Crunch

    Beatrice Ashford

    Beatrice Ashford is a contributor at Nintendo-power.com, covering a wide range of topics including news, politics, business, technology, sport, entertainment, and lifestyle. She focuses on delivering clear, balanced reporting and useful information that helps readers stay informed about current events and emerging developments. Her work highlights stories that matter to everyday audiences, with an emphasis on accuracy, relevance, and accessible journalism that keeps readers connected to the issues shaping the world around them.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Acrylic Nails for the Modern Professional: Balancing Style and Practicality

    September 6, 2024

    The Majestic Journey of the African Spurred Tortoise: A Guide to Care and Habitat

    September 2, 2024

    Choosing Between a Russian and a Greek Tortoise: What You Need to Know

    June 21, 2024
    Leave A Reply Cancel Reply

    Navigate
    • Home
    • Top News
    • Tech
    • Nintendo
    • Downloads
    • Contact Form
    Pages
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    Recent
    • Games Done Quick Reveals Flame Fatales 2026 Schedule Supporting Malala Fund
    • 17,000 Brain Scans Reveal Unexpected Ethnic Differences in Alzheimer’s Disease Biology
    • Lenovo Unveils Mini PC Built Around Downloadable AI Skills Instead of Traditional Software
    • Uranus and Neptune May Be Magma Worlds Rather Than Ice Giants
    • Women’s Prize for Fiction 2026 Longlist Revealed with Susan Choi and Katie Kitamura Among Contenders
    • About Us
    • Contact Us
    • DMCA
    • Editorial Policy
    • Privacy Policy
    • Nintendo Power – Latest Gaming News, Reviews & Retro Updates
    © 2026 Nintendo Power. All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.