September 15, 2023 | The threat group ALPHV, responsible for the recent cyberattacks on MGM Resorts and Caesars Entertainment, claims to have breached MGM's systems by exploiting weaknesses in the Okta platform, specifically the Okta Agent. According to the group, MGM Resorts hastily shut down its Okta Sync servers after discovering the intrusion, leaving Okta completely unavailable. ALPHV says it had persisted on the Okta Agent servers, sniffing users' passwords, before launching ransomware against more than 1,000 ESXi hypervisors on September 11. The group threatens further action if no financial arrangement is reached and claims it still has access to parts of MGM's infrastructure. Okta's chief security officer acknowledges a social engineering component to the attack but stresses that the attackers were sophisticated enough to deploy their own identity provider and user database into the Okta tenant. Okta had previously warned of social engineering attempts aimed at obtaining highly privileged access. The incident raises concerns about future attacks targeting high-privilege users and underscores the need for robust security hygiene, continuous monitoring, and threat intelligence sharing.
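The point Okta's CSO makes, that the attackers added their own identity provider to the victim's Okta tenant, is also a detection opportunity: an identity provider being created, updated or activated is a rare, high-privilege event that should page someone. The following is an added example, not code from the article or from Okta, that scans Okta System Log events (JSON, one per line) for identity-provider lifecycle changes and reports who made them and from where. The event type names follow Okta's documented event-type catalog but are assumed here and should be verified against your own org's System Log; the sample log is constructed and contains no real MGM or Okta data.

```python
import json
from typing import Dict, Iterable, List

# Okta System Log event types that indicate an identity provider being added,
# changed or enabled in the tenant. Assumed from Okta's event-type catalog;
# confirm the exact names in your own org's System Log before relying on them.
IDP_EVENT_TYPES = {
    "system.idp.lifecycle.create",
    "system.idp.lifecycle.update",
    "system.idp.lifecycle.activate",
}


def parse_log(text: str) -> List[Dict]:
    """Parse newline-delimited JSON System Log export into a list of events."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flag_idp_changes(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per identity-provider lifecycle event.

    Each finding records when it happened, which admin account performed it,
    the client IP, and the display names of the IdP objects touched, which is
    what an analyst needs to decide whether the change was sanctioned.
    """
    findings = []
    for ev in events:
        if ev.get("eventType") not in IDP_EVENT_TYPES:
            continue
        actor = ev.get("actor") or {}
        client = ev.get("client") or {}
        idp_targets = [
            t for t in ev.get("target") or [] if t.get("type") == "IdentityProvider"
        ]
        findings.append(
            {
                "published": ev.get("published"),
                "eventType": ev["eventType"],
                "actor": actor.get("alternateId"),
                "client_ip": client.get("ipAddress"),
                "idp_names": [t.get("displayName") for t in idp_targets],
            }
        )
    return findings


# Constructed sample System Log export (hypothetical tenant, not real data).
SAMPLE_LOG = """
{"published": "2023-09-10T02:14:07.000Z", "eventType": "user.session.start", "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.10"}, "target": []}
{"published": "2023-09-10T02:31:55.000Z", "eventType": "system.idp.lifecycle.create", "actor": {"alternateId": "helpdesk-admin@example.com"}, "client": {"ipAddress": "198.51.100.7"}, "target": [{"type": "IdentityProvider", "displayName": "Corp-SAML-Backup"}]}
{"published": "2023-09-10T02:33:02.000Z", "eventType": "system.idp.lifecycle.activate", "actor": {"alternateId": "helpdesk-admin@example.com"}, "client": {"ipAddress": "198.51.100.7"}, "target": [{"type": "IdentityProvider", "displayName": "Corp-SAML-Backup"}]}
{"published": "2023-09-10T02:40:11.000Z", "eventType": "user.authentication.sso", "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "203.0.113.11"}, "target": []}
"""


if __name__ == "__main__":
    for finding in flag_idp_changes(parse_log(SAMPLE_LOG)):
        print(finding)
```

In practice the same filter can be expressed as a System Log search or a SIEM rule; the useful enrichment is correlating the actor with a recent password or MFA reset performed by the help desk, since that is the social engineering path Okta warned about.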