The timeline details how the attackers used remote access services and publicly accessible hacking tools to compromise and navigate through Sitel’s network, gaining deeper visibility to the network over the five days that Lapsus$ had access. VPNs, or virtual private networks, are often a target for attackers since they can be exploited to remotely access a company’s network. The documents, obtained by independent security researcher Bill Demirkapi and shared with TechCrunch, include a Sitel customer communication sent on January 25 - more than a week after hackers first compromised its network - and a detailed timeline of the Sitel intrusion compiled by incident response firm Mandiant dated March 17 that was shared with Okta.Īccording to the documents, Sitel said it discovered the security incident in its VPN gateways on a legacy network belonging to Sykes, a customer service company working for Okta that Sitel acquired in 2021. Okta is used by thousands of organizations and governments worldwide as a single sign-on provider, allowing employees to securely access a company’s internal systems, such as email accounts, applications, databases and more. The documents provide the most detailed account to date of the Sitel compromise, which allowed the hackers to later gain access to Okta’s network.
Okta admitted the compromise in a blog post, and later confirmed 366 of its corporate customers are affected by the breach, or about 2.5% of its customer base. The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that provide new details of the cyber intrusion that have not yet been reported.Ĭustomers only learned of Okta’s January security breach on March 22 after the Lapsus$ hacking group published screenshots revealing it had accessed Okta’s internal apps and systems some two months earlier.
0 kommentar(er)
