Rapid Response Status Page
All Systems Operational
Rapid Response Operational
90 days ago
93.91 % uptime
Today
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Past Incidents
Nov 20, 2024

No incidents reported today.

Nov 19, 2024
Resolved - Dear Customers,

An Axon report on the Adversary-in-the-Middle (AiTM) campaign was released. The report includes:

Indicators of Compromise (IOCs)
Threat-hunting queries
Insights into relevant hits

If you have any questions or need further assistance, please feel free to reach out.

Sincerely,
Team AXON

Nov 19, 14:30 UTC
Investigating - Dear customers,
Team AXON is aware of an ongoing Adversary-in-the-Middle (AiTM) campaign, targeting Microsoft 365 user accounts, using Axios infrastructure.
This infrastructure provides the threat actor with the capability of intercepting HTTP traffic, to steal the credentials and/or session tokens of victim users. Users that authenticate using MFA are also vulnerable to this kind of attack.
A threat-focused threat-hunting related to this campaign is now on-going. In case of any significant finding that requires your attention, we’ll of course reach out.
An AXON report will be available for all of our AXON customers as soon as the Rapid Response efforts are concluded.
Please don’t hesitate to contact us in case of any questions.
Sincerely,
Team AXON.

Nov 17, 10:49 UTC
Nov 18, 2024

No incidents reported.

Nov 17, 2024
Nov 16, 2024

No incidents reported.

Nov 15, 2024

No incidents reported.

Nov 14, 2024

No incidents reported.

Nov 13, 2024

No incidents reported.

Nov 12, 2024

No incidents reported.

Nov 11, 2024

No incidents reported.

Nov 10, 2024

No incidents reported.

Nov 9, 2024

No incidents reported.

Nov 8, 2024

No incidents reported.

Nov 7, 2024
Resolved - Dear customers,

Following our latest update, we continued with the threat-focused hunting efforts, looking for suspicious logins.

Relevant hits that require your attention will be mentioned in the AXON report.

Additionally, we have published two new queries for identifying users with usernames above 52 characters, and a threat hunting query for suspicious logins.

These queries are available on Axon's GitHub:
-Users with username above 52 characters:
https://github.com/axon-git/rapid-response/blob/main/okta-auth-bypass/long_usernames_visibility.sql
-Suspicous Logons of usernames above 52 characters:
https://github.com/axon-git/rapid-response/blob/main/okta-auth-bypass/okta_long_usernames_logons_without_mfa.sql

Axon reports have also been published for Team Axon customers, including the updated list of deliverables.

Sincerely,
Team Axon.

Nov 7, 17:54 UTC
Investigating - Team Axon is aware of a vulnerability that affected Okta and would have allowed threat actors, under certain conditions, to authenticate without supplying a password.

The vulnerability was already addressed and patched by Okta, according to Okta, it was exploitable between July 23rd, 2024 to October 30th, 2024 and required the following pre-conditions for an account to be vulnerable:
- Okta AD/LDAP delegated authentication is used
- MFA is not applied
- The username is 52 characters or longer
- The user previously authenticated creating a cache of the authentication
- The cache was used first, which can occur if the AD/LDAP agent was down or cannot be reached, for example, due to high network traffic

The team is actively searching for evidence of exploitations of this vulnerability in our customers’ environments.In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely,
Team Axon

Nov 7, 09:53 UTC
Nov 6, 2024

No incidents reported.