"More Okta Customers Trapped in Scattered Spider's Web"

Customers of Okta, one of the leading providers of authentication services and Identity and Access Management (IAM) systems, report social engineering attacks targeting their Information Technology (IT) service desks to compromise administrator-level user accounts. Multiple Okta customers in the US have reported phishing efforts in which a caller tries to convince service desk employees to reset all multi-factor authentication (MFA) factors enrolled for highly privileged users. The attackers then used the compromised Okta Super Administrator accounts to abuse legitimate identity federation features that allowed them to impersonate users within the organization. When asked if Okta linked the attacks to a specific group, Okta's CSO, David Bradbury, said that other cybersecurity companies have attributed this behavior to threat actors known as Scattered Spider. According to security researchers, Scattered Spider, also known as UNC3944, Scatter Swine, and Muddled Libra, has been in operation since May 2022. This article continues to discuss the phishing campaign targeting Okta customers.

The Register reports "More Okta Customers Trapped in Scattered Spider's Web"