On Friday, Okta, a provider of identity services, warned of social engineering attacks orchestrated by threat actors to gain elevated administrator permissions. The callers' tactic, according to the company, was to persuade service desk staff to reset all multi-factor authentication (MFA) factors enrolled by highly privileged users. “In recent weeks, multiple U.S.-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel,” the company said.
The adversary then abused the highly privileged Okta Super Administrator accounts to impersonate users within the compromised organization. According to the company, the campaign ran from July 29 through August 19, 2023. Although Okta did not name the threat actor, the tactics used have all the characteristics of the Muddled activity cluster.