Over 130 Companies Were Targeted in a Phishing Campaign

Companies such as Twilio, Signal, DoorDash, and Cloudflare have been targeted in a vast phishing campaign nicknamed 0ktapus. Over the course of this months-long campaign, the hackers were able to steal the login credentials of 10,000 individuals.

According to a report from Group-IB, a cybersecurity outfit, the attackers impersonated Okta, a popular sign-on service. The attackers then used this access to attack many accounts across other services.

On August 15th, Signal, a secure messaging service, alerted its users that the attackers' Twilio breach might allow them to reveal up to 1900 Signal accounts. Group-IB also confirmed that the attackers would be able to register new devices to a few accounts. By doing so, the attackers would be able to send and receive messages from those accounts.

Twilio has also updated its breach notifications, noting that 163 customers' data has been accessed. Furthermore, 93 users of Authy, its cloud service for multifactor authentication, had their accounts accessed, and the attackers registered additional devices to them.

Those targeted by the phishing campaign were sent text messages that redirected them to a phishing site. The site closely resembled the kind of authentication page that is quite common. Victims were asked for their username, password, and a two-factor authentication code, and the page then forwarded this sensitive information to the attackers.

According to Group-IB's analysis, the attackers were inexperienced: on closer inspection, the phishing kit was poorly configured. Roberto Martinez, a senior threat intelligence analyst at Group-IB, noted that the phishing kit had been developed in a way that allowed it to extract stolen credentials for further analysis by the attackers.

However, despite the attackers' inexperience, the scale of the attack was massive: Group-IB identified 169 unique domains which were targeted. They believe that the campaign started around March 2022, and as of now, the attackers have stolen 9931 login credentials.

By Abdul Wahab

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.