Leaked forensic details of Okta breach reveal finer details of LAPSUS$ operation

March 29, 2022

Image credit: Getty Images

Parts of cyber security firm Mandiant's report into the Sitel breach that led to the compromise of identity platform Okta earlier in March have been leaked online, revealing the finer details of LAPSUS$' operation.


Sitel retained Mandiant soon after discovering the breach, and a timeline of events was illustrated by a collection of logs provided in Mandiant's report. The timeline showed LAPSUS$ downloading hacking tools directly from the web, along with other revelations such as Sitel apparently storing domain passwords in an Excel spreadsheet.

Analysis by independent security researcher Bill Demirkapi suggested this spreadsheet may have allowed LAPSUS$ to create a backdoor in Sitel's environment. Sitel did not respond to IT Pro's request for comment on this and Mandiant declined to give any further input.

New documents for the Okta breach: I have obtained copies of the Mandiant report detailing the embarrassing Sitel/SYKES breach timeline and the methodology of the LAPSUS$ group. 1/N https://t.co/z05uQYclg9 pic.twitter.com/e0T4EdWPxT

— Bill Demirkapi (@BillDemirkapi) March 28, 2022

LAPSUS$ used publicly available tools downloaded from GitHub to facilitate its attack, Mandiant's report indicated, including Mimikatz, a popular tool for harvesting credentials on Windows systems.

The first recorded remote desktop protocol (RDP) connection using the affected third-party support engineer's account was made on 19 January, indicating this is when LAPSUS$ first gained access to Sitel.

IT Pro asked Sitel why it did not alert its customers to the breach at the time, but it had not replied at the time of publication.

LAPSUS$ was able to download Mimikatz, which has been used in high-profile cyber attacks such as NotPetya, directly from its official GitHub page and run it after disabling FireEye's endpoint security.

Mimikatz was used in the initial reconnaissance phase of LAPSUS$' attack, and the credentials harvested with the tool allowed the group to establish a foothold and escalate its privileges in Sitel's network.

Mandiant's report also indicated that LAPSUS$ completed its objective by setting email transport rules to forward all incoming and outgoing email in Sitel's environment, an observation previously highlighted by Microsoft.
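As an added illustration from the defender's side (this is not part of the article or of Mandiant's report), the PowerShell below audits an Exchange organisation for the three places a mail-forwarding foothold of this kind can live: organisation-wide transport rules, admin-set mailbox forwarding, and user-level inbox rules. It uses standard Exchange cmdlets (Get-TransportRule, Get-Mailbox, Get-InboxRule); the $AcceptedDomains list and the already-connected session are assumptions you replace with your own.

```powershell
# Added example, not from the article or Mandiant's report.
# Assumes an existing Exchange Online session (Connect-ExchangeOnline) or an
# on-premises Exchange Management Shell. $AcceptedDomains is a placeholder:
# fill it with the domains your organisation actually owns.
$AcceptedDomains = @('example.com')

# Pull the first SMTP address out of a recipient string (Get-InboxRule returns
# entries shaped like '"Name" [SMTP:user@domain]') and flag it if the domain is
# not one of ours. Anything without a parseable address is treated as internal.
function Test-ExternalAddress {
    param([string]$Address)
    if ($Address -match '([\w.+-]+@[\w.-]+\w)') {
        $domain = ($Matches[1] -split '@')[-1].ToLowerInvariant()
        return -not ($AcceptedDomains -contains $domain)
    }
    return $false
}

# 1. Organisation-wide transport (mail flow) rules whose actions copy or
#    redirect mail. These apply to every message matching the rule's conditions,
#    which is what makes them attractive for silently forwarding all traffic.
$ruleFindings = Get-TransportRule | ForEach-Object {
    $rule = $_
    $targets = @()
    foreach ($prop in 'RedirectMessageTo', 'BlindCopyTo', 'CopyTo', 'AddToRecipients') {
        if ($rule.$prop) { $targets += @($rule.$prop | ForEach-Object { "$_" }) }
    }
    if ($targets.Count -gt 0) {
        [pscustomobject]@{
            Kind        = 'TransportRule'
            Name        = $rule.Name
            State       = $rule.State
            Targets     = ($targets -join ';')
            External    = (@($targets | Where-Object { Test-ExternalAddress $_ })).Count -gt 0
            WhenChanged = $rule.WhenChanged
        }
    }
}

# 2. Per-mailbox forwarding set by an admin, plus inbox rules created by (or as)
#    the user. Either one exfiltrates a single mailbox rather than the whole org.
$mailboxFindings = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $smtp = "$($mbx.ForwardingSmtpAddress)" -replace '^smtp:', ''
        [pscustomobject]@{
            Kind        = 'MailboxForwarding'
            Name        = $mbx.UserPrincipalName
            State       = 'Enabled'
            Targets     = (@($smtp, "$($mbx.ForwardingAddress)") | Where-Object { $_ }) -join ';'
            External    = Test-ExternalAddress $smtp   # ForwardingAddress is always an internal recipient
            WhenChanged = $mbx.WhenChanged
        }
    }
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $t = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo) |
                 Where-Object { $_ } | ForEach-Object { "$_" }
            [pscustomobject]@{
                Kind        = 'InboxRule'
                Name        = "$($mbx.UserPrincipalName): $($_.Name)"
                State       = $_.Enabled
                Targets     = ($t -join ';')
                External    = (@($t | Where-Object { Test-ExternalAddress $_ })).Count -gt 0
                WhenChanged = $null   # Get-InboxRule does not expose a change timestamp
            }
        }
}

# External destinations first: those are the findings that leak mail out of the tenant.
@($ruleFindings) + @($mailboxFindings) |
    Sort-Object External -Descending |
    Format-Table Kind, Name, State, External, Targets, WhenChanged -AutoSize
```

Run it from an account with the View-Only Organization Management role or better; an empty result for the TransportRule section is the expected state in most organisations, so any transport rule with a redirect or blind-copy action deserves a ticket even when its target is internal.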

Demirkapi was subsequently let go from his offensive security position at Zoom for publishing the intrusion timeline from Mandiant's report, sparking outcry in the cyber security community.

IT Pro asked Zoom for an explanation of Demirkapi’s sacking but it did not reply.

LAPSUS$ is the hacking group behind major breaches of high-profile companies including Nvidia, Samsung, Microsoft, and LG.

Shortly after LAPSUS$ announced its breach of Sitel and Okta via its Telegram channel on 22 March, UK law enforcement made a number of arrests in connection with the breach.

Seven people aged between 16 and 21 were arrested on 24 March. All have been released but investigations are ongoing.




Some parts of this article are sourced from:
www.itpro.co.uk

Copyright © TheCyberSecurity.News, All Rights Reserved.