Hackers are using voice-based social engineering to bypass multi-factor authentication (MFA) protections and steal Okta single sign-on (SSO) credentials, according to recent reporting and a new threat advisory from the identity provider.

Recently, BleepingComputer reported that attackers posing as IT support staff used vishing calls and real-time adversary-in-the-middle infrastructure to capture Okta SSO credentials and one-time passwords during live login sessions, activity that Okta later said it had “detected and dissected” through its threat intelligence investigations.

Okta, an enterprise identity and access management provider, said the activity involved custom phishing kits designed to support live caller-led attacks, where a caller can control what a victim sees in a browser while walking them through login prompts...