What is the Scattered LAPSUS$ Hunters' current attack method?

The Scattered LAPSUS$ Hunters are using a sophisticated vishing campaign with a 'Live Phishing Panel' to intercept Okta SSO credentials and MFA tokens in real-time.

How many companies are targeted by SLH's Okta attack?

Approximately 100 large enterprises across various verticals are currently being targeted by the Scattered LAPSUS$ Hunters.

What is the risk of a hijacked Okta session?

A hijacked Okta session acts as a 'skeleton key,' granting attackers access to all applications within a corporate environment, enabling data theft and other malicious activities.

Home / Technology / SLH's new panel steals Okta credentials live

SLH's new panel steals Okta credentials live

28 Jan

•

Summary

Scattered LAPSUS$ Hunters are targeting ~100 enterprises with vishing
New Live Phishing Panel intercepts credentials and MFA tokens in real-time
Hijacked Okta sessions give attackers skeleton key to corporate apps

SLH's new panel steals Okta credentials live

Cyber threat actors known as Scattered LAPSUS$ Hunters (SLH) are actively pursuing a large-scale identity theft operation. The group is targeting around 100 major enterprises, focusing on compromising Okta single sign-on (SSO) credentials through sophisticated vishing attacks.

SLH employs a novel 'Live Phishing Panel' to intercept user credentials and multi-factor authentication (MFA) tokens during live login sessions. Security researchers indicate that this tactic allows attackers to gain a 'skeleton key' to an organization's digital infrastructure.

While numerous high-profile companies are on the list of targeted organizations, there is currently no confirmation of any successful breaches. The potential for significant damage remains high, as compromised Okta sessions can lead to data exfiltration, lateral movement, and ransomware attacks.