A post from Okta‘s Chief Security Officer explaining that their investigation revealed there was no external compromise of Okta systems. Rather, there was a compromise to a contracted support engineer’s computer – where threat group LAPSUS$ was able to obtain remote access to Okta support systems using Remote Desktop Protocols (RDP).
This has impacted up to 366 of Okta’s customers, including the confirmed breach of Microsoft, whose Okta tenant was accessible to threat actors by the compromised support contractor’s computer.
This incident reveals that an organisation’s cyber security strength is not limited to the organisation itself, but also third parties embedded in internal systems and processes.
Read more here: https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
NPD4n6: Nicks DFIR blog 
Leave a comment