On March 22, 2022, news outlets began reporting that identity & access management provider Okta had been the victim of the data extortion group LAPSUS$ as part of a supply chain attack.
Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of cybersecurity. Okta's flagship product is its Single Sign-On (SSO) offering, which effectively grants authenticated users access to a multitude of other services configured to use SSO.
It appears the group was able to access Okta.com through a technical support engineer working as a contractor for Okta. In other words, they had direct access to the Okta platform at the same level as the support engineer, and therefore had access to Jira, e-mails, and other internal services at an employee level. So far, there’s nothing to indicate that the trust relationships between Okta and customer implementations have been violated. However, the understanding of the situation is still developing, and the available information is conflicting.
To draw an analogy, the group obtained access to keys for the toolbox in the shed out back, which they intended to use to get into the house.
This is why supply chain and vendor security is rapidly becoming a high-priority concern for businesses today.