• Massive identity theft campaign targeting Okta single sign-on at

    From TechnologyDaily@1337:1/100 to All on Tuesday, January 27, 2026 20:30:09
    Massive identity theft campaign targeting Okta single sign-on at over 100 top businesses - make sure your firm stays safe

    Date:
    Tue, 27 Jan 2026 20:15:00 +0000

    Description:
    Scattered LAPSUS$ Hunters are targeting major firms with sophisticated voice phishing attacks.

    FULL STORY
    ======================================================================
    - SLH targets ~100 enterprises with vishing attacks on Okta SSO credentials
    - Live Phishing Panel intercepts credentials and MFA tokens in real time
    - No confirmed breaches yet, but hijacked Okta sessions pose severe risks

    The notorious Scattered LAPSUS$ Hunters (SLH) threat actors are currently engaged in a massive identity theft campaign targeting Okta single sign-on (SSO) credentials at around 100 large enterprises.

    Security researchers at Silent Push found that the hackers are running a sophisticated vishing (voice phishing) campaign, aimed at obtaining access to corporate infrastructure in order to exfiltrate sensitive data and then extort the victims for money.

    The researchers said that SLH uses a new Live Phishing Panel, which allows its operators to sit in the middle of a login session, intercepting credentials and MFA tokens in real time. In other words, the attackers call the victims on the phone and get them to log into a service, while sitting in the middle and intercepting the secrets passing through.

    Results unknown

    Silent Push says that roughly 100 organizations from different verticals are being targeted. The entire list, linked from the original story, includes high-profile targets such as Atlassian, Morningstar, American Water, GameStop, and Telstra.

    Being targeted and being compromised are two entirely different things, though. There is no confirmation that any of the companies on the list were actually broken into, and at press time, there was no evidence of that being the case.

    Silent Push told The Register it has no intel to share about potential victims, and SLH are yet to add anyone to their data leak website. The hackers did confirm that the number of targets was close.

    The researchers said the campaign poses a serious risk, because once an Okta session is hijacked, the attacker has a skeleton key to every app in the corporate environment. This allows them to exfiltrate sensitive data, move laterally, and even encrypt the data if needed.

    Standard security awareness training often fails to stop this specific threat. SLH operators are highly persuasive, frequently calling help desks and employees while simultaneously manipulating a live phishing page to match the victim's specific login prompts, the researchers explained.


    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/massive-identity-theft-campaign-targeting-okta-single-sign-on-at-over-100-top-businesses-make-sure-your-firm-stays-safe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)