|
|
|
|
|
|
by Huppie
973 days ago
|
|
|
How they detected it can be found at the bottom of the blogpost: > *Indicators of Compromise* > ... > Okta activity for a user without any clear indication that the user authenticated (e.g. a user.session.start event for that user from a similar geographic area) |
|
|