Okta (US)
Threat actors publicly named in connection with targeting Okta. Sorted by IDF score (rarity-weighted CVE attribution) with extraction confidence as tiebreaker. Each row's evidence is a verbatim quote from the source attribution.
2 attributed actor(s) ·
Category mix: hacktivist=1, unknown=1 ·
Attacker regions: International=1, —=1
| Actor | Category | Sponsor | Confidence | Evidence | CVEs | IDF | Last active |
|---|---|---|---|---|---|---|---|
| Scattered Spider (G1015) | unknown | — | 0.90 | obtain administrator access in Okta, AWS, and Office 365. | 1 | 1.2 | 2026 |
| LAPSUS$ (hacktivist persona) (HACK-LAPSUS-HACKTIVIST) | hacktivist | — | 0.95 | claiming high-profile breaches at Microsoft, NVIDIA, Samsung, Okta | 0 | 0.0 | — |
Sibling victims
Other named victims whose attacker circle overlaps with this one — defenders use this to find sectoral or geographic cohorts that face the same actors.
- Microsoft — 1 shared actor(s)
- Samsung — 1 shared actor(s)
- NVIDIA — 1 shared actor(s)
- Amazon Web Services — 1 shared actor(s)
- Office 365 — 1 shared actor(s)
« All victims · All actors · Browse by sector · Recent breach notifications