Subj : Okta warns scammers are going after super admin privileges
To   : All
From : TechnologyDaily
Date : Mon Sep 04 2023 19:45:04

Okta warns scammers are going after super admin privileges

Date:
Mon, 04 Sep 2023 18:26:28 +0000

Description:
Hackers are trying to reset MFA tools for Okta accounts belonging to 
administrators.

FULL STORY
======================================================================

Criminals have been targeting Oktas clients in an attempt to gain access to 
accounts with administrator privileges. 

"In recent weeks, multiple U.S.-based Okta customers have reported a 
consistent pattern of social engineering attacks against IT service desk 
personnel, in which the caller's strategy was to convince service desk 
personnel to reset all multi-factor authentication (MFA) factors enrolled by 
highly privileged users," the company confirmed in a blog post . 

The campaign was active between July 29 and August 19 2023, it was added. 
Muddled Libra 

Apparently, the attackers (whom Okta did not want to name) have already 
obtained the target accounts username and password combination. However, as 
these accounts were protected by MFA, the threat actors had no other choice 
but to try and trick their way into resetting the tool. 

If the attackers had succeeded, they would be granted the ability to assign 
higher privileges to other accounts, reset authenticators for other people, 
and even remove two-factor authentication if needed. Read more 

> Some of Google's new domain names could pose a serious security risk 


 > These dangerous phishing attacks are more common than ever - here's what 
you need to know 


 > Here's our list of the best ID theft protection software 

While Okta did not say who was behind the campaign, the media came to its own 
conclusion, based on the information provided. Thus, The Hacker News argues 
that this could be the work of Muddled Libra, an activity cluster partly 
overlapping with the likes of Scattered Spider and Scatter Swine. Googles 
Mandiant tracks the group as UNC3944. Theyre basing their conclusion on the 
fact that the group uses a commercial phishing kit called 0ktapus. Unit 42, 
on the other hand, argues that multiple groups are using 0ktapus, which means 
its not 100% certain Muddled Libra was behind the campaign. 

Muddled Libra is a threat actor known to target organizations in software 
automation, BPO, telecommunications, and technology industries. Between 
mid-2022 and early 2023, Unit 42s researchers investigated more than half a 
dozen incidents related to this threat actor. This is the best firewall to 
keep your business safe 

Via: The Hacker News



======================================================================
Link to news story:
https://www.techradar.com/pro/okta-warns-scammers-are-going-after-super-admin-
privileges


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.