Okta Agent Involved in MGM Resorts Breach, Attackers Claim


The creators of the ALPHV/BlackCat ransomware have “set the record straight” about the MGM Resorts cyberattack via their leak site. More attacks that misuse Okta may occur in the meanwhile. Threat actors who are thought to be responsible for the cyberattacks on MGM Resorts and Caesars Entertainment last week claim they were able to access MGM’s systems by breaking into the Okta platform used by the business, specifically the Okta Agent, a lightweight client that connects to an organization’s Active Directory.

“MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking in their Okta Agent servers sniffing passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps,” ALPHV stated on its leak site, in a statement.

Read More…