{"id":45831,"date":"2022-03-22T21:30:00","date_gmt":"2022-03-22T21:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds"},"modified":"2022-03-22T21:30:00","modified_gmt":"2022-03-22T21:30:00","slug":"ransomware-group-claims-major-okta-breach","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/","title":{"rendered":"Ransomware Group Claims Major Okta Breach"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A ransomware group&#8217;s claims this week that it had stolen source code from Microsoft and had \u2014 at least at one point \u2014 gained control of a superuser account at identity authentication provider Okta has stirred widespread concern within the security industry. <\/p>\n<p>Some have described the incident at Okta \u2014 which the company\u2019s CEO, Todd McKinnon, <a href=\"https:\/\/twitter.com\/toddmckinnon\/status\/1506184721922859010\" target=\"_blank\" rel=\"noopener\">confirmed via Twitter<\/a> on Tuesday \u2014 as especially worrisome given how some of the world&#8217;s largest organizations use its technology for authenticating access to their systems and data. One researcher who analyzed screenshots that the ransomware group posted Monday said they indicated the attackers had used a third-party customer support engineer&#8217;s system to gain access to an Okta back-end administrative panel for managing customers \u2014 among other things.<\/p>\n<p>But Okta&#8217;s CSO David Bradbury in an updated statement on Tuesday described the incident as relatively minor and said that Okta customers needed to take no corrective actions because of the incident. He said a service provider that Okta hired to investigate the incident found the attackers had access to a support engineer&#8217;s laptop for a five-day window of time between Jan. 16 and 21, 2022. But the access would not have allowed the attackers to take actions like creating or deleting users or downloading customer databases. Support engineers can facilitate the resetting of passwords \u2014 including multifactor authentication \u2014 but they do not have access to those passwords, Bradbury said.<\/p>\n<p>Of particular concern is that Okta apparently was aware of the incident in late January but did not disclose it until&nbsp;this week \u2014 potentially heightening data breach risks for its customers. Already, the CEO of one of its customers, Cloudflare, has hinted it is evaluating alternatives to Okta following news of the incident. Several others responding to McKinnon&#8217;s tweet questioned the delayed notification and the lack of details on the incident from the company so far. &#8220;This is a pretty opaque response at a time when a lot of people are nervous and needing as much information as possible to reassure them,&#8221; <a href=\"https:\/\/twitter.com\/iamleonmallett\/status\/1506221700236693511\" target=\"_blank\" rel=\"noopener\">one Twitter user noted<\/a>.<\/p>\n<p>Lapsus$, a ransomware gang that seemingly surfaced out of nowhere a few months ago, on Monday posted numerous screenshots on its Telegram channel that purported to show documents it had obtained from its access to systems at Microsoft and Okta. Eight screenshots claimed to show <a href=\"https:\/\/twitter.com\/vxunderground\/status\/1506114493067186183\" target=\"_blank\" rel=\"noopener\">images captured from Okta&#8217;s internal systems<\/a>, according to researchers who analyzed the images. <\/p>\n<p>The other images showed the attackers had managed to access at least some source code related to Microsoft&#8217;s Bing search engine, Bing Maps, and its Cortana virtual assistant. Some reports have suggested the attackers had stolen some 37GB of Microsoft source code, but that could not be confirmed. In response to a Dark Reading query about the reported intrusion and data theft, a Microsoft spokeswoman merely noted the company was aware of the claims and is currently investigating them.<\/p>\n<p><strong>Superuser Access<\/strong><strong><br \/><\/strong>Independent security researcher Bill Demirkapi, who has scrutinized&nbsp;the Okta images, said the posts indicate that the attackers breached the machine of a third-party support staff member working for Sykes Enterprises, Inc. &#8220;The individual compromised seems to work for Okta&#8217;s customer support team, specifically as a Tier 2 support,&#8221; Demirkapi says.<\/p>\n<p>Using the access this support staff member had, Lapsus$ was able gain access to Okta chat messages in Slack, customer support tickets in Jira, and a back-end administrative tool named &#8220;superuser&#8221; for assisting customers. In messages that Lapsus$ posted on its Telegram channel, the ransomware group made it clear that it was not targeting Okta&#8217;s database, but rather its customers, Demirkapi says.<\/p>\n<p>&#8220;At this time, it is not clear what data was stolen from Okta customers,&#8221; he notes. The &#8220;superuser&#8221; tool appears to grant the support staff member access to manage Okta customers, but the extent of the access is unknown. One of the screenshots suggest the attackers gained access to Okta customer Cloudflare&#8217;s environment and had the ability to reset employee passwords, he says.&nbsp;<\/p>\n<p>&#8220;If you are a customer of Okta and want more information, I would recommend reviewing [Okta] security logs for the past 90 days for suspicious activity and reaching out to Okta directly for more details,&#8221; Demirkapi says.<\/p>\n<p>Okta CEO McKinnon said the screenshots that Lapsus$ posted online appeared tied to a late January 2022 incident where attackers gained access to the account of a third-party customer support engineer working for one of Okta&#8217;s subprocessors. The matter was investigated and contained, McKinnon claimed. &#8220;Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January,&#8221; he said.<\/p>\n<p>However, Okta customer Cloudflare&#8217;s CEO, Matthew Prince, said the company is resetting Okta credentials for any employee who changed their password in the last four months out of an &#8220;abundance of caution.&#8221;<\/p>\n<p>&#8220;We\u2019ve confirmed no compromise,&#8221; <a href=\"https:\/\/twitter.com\/eastdakota\/status\/1506158901078618118\" target=\"_blank\" rel=\"noopener\">Prince said<\/a>. &#8220;Okta is one layer of security. Given they may have an issue we\u2019re evaluating alternatives for that layer.&#8221;<\/p>\n<p><strong>Big Questions Remain<\/strong><br \/>Ronen Slavin, CTO and co-founder at Cycode, says the significance of the Okta incident hinges on whether Lapsus$ was able to access customer data. &#8220;Because Okta manages each customer&#8217;s keys to the kingdom, exploiting Okta&#8217;s Workforce Identity Solutions potentially enables an attacker to provision themselves administrator-level access into Okta&#8217;s customers&#8217; applications,&#8221; he says.<\/p>\n<p>A significant secondary concern is whether the ransomware group accessed Okta&#8217;s software development environment, Slavin says. &#8220;We do see in the screenshots access to Jira tickets, and Jira can contain some awfully sensitive information that could easily facilitate lateral movement,&#8221; he says. The biggest issue is if Okta&#8217;s Jira environment contained authentication related secrets that would have enabled Lapsus$ to do more damage. &#8220;If Lapsus$ was able to tamper with Okta&#8217;s code, the potential to exploit customers increases significantly,&#8221; he says.<\/p>\n<p>In the past two months, Lapsus$ has posted data that it claims to have accessed from multiple other companies including Nvidia, Samsung, Ubisoft, and Vodafone. It&#8217;s not clear at all if any of these incidents were facilitated by the access the threat group had to Okta&#8217;s environment \u2014 or even if these organizations are customers of Okta in the first place. The threat group&#8217;s tactics for gaining access to target networks has included stealing credentials and offering to pay employees for providing them with access to their organization&#8217;s networks.<\/p>\n<p>Given the fact that the screenshots Lapsus$ has posted date back to Jan. 21, the group has had the time to act on any information it was able to find, Slavin says. However, Okta has a strong record of transparency with security incidents going back to Heartbleed, he adds. &#8220;Okta has earned the credibility for us to believe they are being transparent based on what they currently know,&#8221; Slavin says.<\/p>\n<p>Meanwhile, the Microsoft-related data that Lapsus$ posted online suggest the attacker was able to gain access to Microsoft&#8217;s internal Azure DevOps environment for managing source code, Demirkapi says. &#8220;Shockingly, when they bragged about this access, Lapsus$ was in the middle of exfiltrating source code from Microsoft&#8217;s servers,&#8221; Demirkapi says. &#8220;This was verified by comparing the timestamp of their message and the time stamp of the source code they ended up leaking.&#8221;<\/p>\n<p>The source code that the ransomware group release was only for Bing, Bing Maps, and Cortana. &#8220;Even then, this source code was only a partial dump likely because Microsoft cut off their access shortly after their message,&#8221; Demirkapi says. &#8220;There is no evidence Lapsus$ had access to customer data.&#8221; <\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Screenshots that ransomware gang Lapsus$ released this week suggest the threat actor also stole Microsoft source code.Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-45831","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-22T21:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware Group Claims Major Okta Breach\",\"datePublished\":\"2022-03-22T21:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\"},\"wordCount\":1257,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\",\"name\":\"Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\",\"datePublished\":\"2022-03-22T21:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage\",\"url\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\",\"contentUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware Group Claims Major Okta Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-03-22T21:30:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware Group Claims Major Okta Breach","datePublished":"2022-03-22T21:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/"},"wordCount":1257,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/","name":"Ransomware Group Claims Major Okta Breach 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg","datePublished":"2022-03-22T21:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0b9867ad1c17af46\/623a1f92a5f23615b09b99d2\/okta2_Tada_Images_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-group-claims-major-okta-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware Group Claims Major Okta Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45831"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45831\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}