Threads by @BillDemirkapi about the Okta Breach by LAPSUS$
Posted by jpluimers on 2024/01/16
There are many interesting threads about the Okta breach (via Sitel) by LAPSUS$.
Two of them in reverse chronological order (and their starting points on Twitter):
- [Wayback/Archive] Thread by @BillDemirkapi on Thread Reader App: New documents for the Okta breach: I have obtained copies of the Mandiant report detailing the embarrassing Sitel/SYKES breach timeline and the methodology of the LAPSUS$ group. 1/N
- [Wayback/Archive] Thread by @BillDemirkapi on Thread Reader App: The LAPSUS$ ransomware group has claimed to breach Okta sharing the following images from internal systems.
The hack was remarkably similar to the meme posted about a month later at [Wayback/Archive] Jaco on Twitter: “How the Red Team engagement really went down…”
If the video does not play: click on the Tweet; I tried saving it via [Wayback/Archive] Twitter Video Downloader – Download Twitter Videos and GIF Online and saved them at:
- [Wayback] video.twimg.com/ext_tw_video/1515442077735268353/pu/vid/862x720/rDTzWFEUKDPyaTag.mp4?tag=12
- [Wayback] video.twimg.com/ext_tw_video/1515442077735268353/pu/vid/430x360/_3ocBPINk0d1RMi-.mp4?tag=12
- [Wayback] video.twimg.com/ext_tw_video/1515442077735268353/pu/vid/322x270/KL711ryMKCq44DBZ.mp4?tag=12
It mentions Social Engineering, Office Macros, Mimikatz, Process Hacker, terminating EDR and more. Entertaining and insightful!
–jeroen