Okta Support System was compromised, allowing unauthorized access to the sensitive HTTP Archive (HAR) files uploaded by the Customers. HAR Files contain sensitive data like Session Token, which the Okta Support team uses for impersonation. The Threat Actor used HAR Files to gain access to the system.
In March 2022, Okta disclosed an internal system breach from the hacking group LAPSUS$. In a recent attack, the Okta team has not yet revealed the name of the threat actor, but they believe this is an adversary they have seen before.
Attacker Techniques - Kill Chain
Supply Chain Breaches
Questions for CISO's & Security LEaders?