Sitel blames the legacy computer network for the Okta hack


Sitel, which found itself at the center of a large-scale data leak affecting the popular access control provider Okta, blamed the “legacy” network for this incident.

Earlier, the Lapsus$ cybercrime group published screenshots on the Telegram messenger of data allegedly stolen after gaining access to Superuser/Admin and other computer systems of Okta. Okta analyzed the screenshots depicting the alleged leakage of its data and reported that they were related to a cyber incident that occurred in January 2022.

Representatives of Sitel traced the data leak to the “legacy” network of Sykes Enterprises, which Sitel acquired in August 2021. On January 20, 2022, Sitel Group became aware of a cyber incident that affected part of the inherited Sykes network. Then Sitel Group took the necessary measures to notify and protect all potentially affected customers who were served by the former organization.

According to a report by the information security company Mandiant, the Lapsus$ group exploited the CVE-2021-34484 vulnerability before using ready-made tools from GitHub to bypass the company’s FireEye endpoint agent. From there, the hackers downloaded the popular Mimikatz credential dumping utility and created backdoor users in the Sitel environment after gaining access to a Microsoft Excel document called DomAdmins-LastPass.xlsx. LastPass is a popular password management application, and DomAdmins may be short for Domain Administrators.

“Some media falsely claimed that a spreadsheet was disclosed that contained compromised passwords and thereby contributed to the cyberattack. This spreadsheet simply lists the account names of the legacy Sykes Enterprises, but does not contain any passwords. The only reference to the passwords in the spreadsheet was the date when the passwords were changed for the specified account,” Sitel said in a statement.
