Id companies supplier Okta has disclosed that it detected “extra risk actor exercise” in reference to the October 2023 breach of its assist case administration system.
“The risk actor downloaded the names and e mail addresses of all Okta buyer assist system customers,” the corporate stated in an announcement shared with The Hacker Information.
“All Okta Workforce Id Cloud (WIC) and Buyer Id Resolution (CIS) clients are impacted besides clients in our FedRamp Excessive and DoD IL4 environments (these environments use a separate assist system NOT accessed by the risk actor). The Auth0/CIC assist case administration system was not impacted by this incident.”
Information of the expanded scope of the breach was first reported by Bloomberg.
The corporate additionally advised the publication that whereas it doesn’t have any proof of the stolen data being actively misused, it has taken the step of notifying all clients of potential phishing and social engineering dangers.
It additionally said that it “pushed new security measures to our platforms and offered clients with particular suggestions to defend towards potential focused assaults towards their Okta directors.”
Okta, which has enlisted the assistance of a digital forensics agency to assist its investigation, additional stated it “may also notify people which have had their data downloaded.”
The event comes greater than three weeks after the id and authentication administration supplier stated the breach, which happened between September 28 to October 17, 2023, affected 1% – i.e., 134 – of its 18,400 clients.
The id of the risk actors behind the assault towards Okta’s methods is at present not recognized, though a infamous cybercrime group referred to as Scattered Spider has focused the corporate as lately as August 2023 to receive elevated administrator permissions by pulling off subtle social engineering assaults.
In keeping with a report revealed by ReliaQuest final week, Scattered Spider infiltrated an unnamed firm and gained entry to an IT administrator’s account through Okta single sign-on (SSO), adopted by laterally shifting from the identity-as-a-service (IDaaS) supplier to their on-premises property in lower than one hour.
The formidable and nimble adversary, in current months, has additionally advanced into an affiliate for the BlackCat ransomware operation, infiltrating cloud and on-premises environments to deploy file-encrypting malware for producing illicit earnings.
“The group’s ongoing exercise is a testomony to the capabilities of a extremely expert risk actor or group having an intricate understanding of cloud and on-premises environments, enabling them to navigate with sophistication,” ReliaQuest researcher James Xiang stated.
