Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Attacks against Twilio and Cloudflare employees have allegedly been linked to a massive phishing campaign that targeted over 130 companies. The phishing campaign spoofed a multi-factor authentication system, resulting in the compromise of roughly 9,931 accounts. The campaigns impersonates Okta, an abuse of identity and access management firm, resulting in the name of 0ktapus being given to the threat actors by security researchers. According to Group-IB researchers, the primary goal of the attack was to gain credentials and multi-factor authentication codes. Those targeted in the attacks received text messages redirecting them to phishing sites that mimicked the legitimate Okta authentication page.
According to researchers, 114 US-based firms have been impacted by the massive phishing campaign. Additional victims are spread across 68 additional countries. Group-IB released a report earlier this week stating that the scope of the attacks remains unclear. The campaign has undoubtedly been very successful, and therefore long term effects may begin to be apparent later on. It is unclear how the threat actors obtained the list of phone numbers leveraged in the MFA attacks, leading some researchers to believe that the threat actor started the campaign by targeting telecommunications companies.