Okta: Cyber Attackers Target IT Help Desks to Compromise Super Admin and Disable MFA

 

Okta, a leading identity and access management firm, has issued a warning regarding a series of social engineering attacks aimed at IT service desk agents of U.S.-based clients. 
The attackers’ primary objective was to deceive these agents into resetting multi-factor authentication (MFA) for high-privileged users.
Their ultimate aim was to gain control of Okta Super Administrator accounts, which hold significant privileges. This access would enable them to exploit identity federation features, allowing them to impersonate users within the compromised organization.
Okta has shared specific indicators of compromise based on observed attacks spanning from July 29 to August 19.
According to Okta, before contacting the IT service desk of a target organization, the attackers either possessed passwords for privileged accounts or managed to manipulate the authentication process within the Active Directory (AD).
Once a Super Admin account was successfully compromised, the threat actors took further precautions by utilizing anonymizing proxy services, adopting a new IP address, and employing a different device.
The hackers, lev

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
