0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations
2022-08-25 15:49

Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of a massive phishing campaign that resulted in 9,931 accounts of over 130 organizations being compromised.

The Group-IB Threat Intelligence team uncovered and analyzed the attackers' phishing infrastructure, including phishing domains, the phishing kit, and the Telegram channel controlled by the threat actors to drop compromised information.

The investigation revealed that these phishing attacks, as well as the incidents at Twilio and Cloudflare, were links in a chain: a simple yet very effective single phishing campaign, unprecedented in scale and reach, that has been active since at least March 2022.

"While the threat actor may have been lucky in their attacks it is far more likely that they carefully planned their phishing campaign to launch sophisticated supply chain attacks. It is not yet clear if the attacks were planned end-to-end in advance or whether opportunistic actions were taken at each stage. Regardless, the 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time," said Roberto Martinez, Senior Threat Intelligence analyst at Group-IB Europe.

Researchers discovered 169 unique phishing domains involved in the 0ktapus campaign.

"The methods used by this threat actor are not special, but the planning and how it pivoted from one company to another makes the campaign worth looking into. 0ktapus shows how vulnerable modern organizations are to some basic social engineering attacks and how far-reaching the effects of such incidents can be for their partners and customers. By making our findings public we hope that more companies will be able to take preventive steps to protect their digital assets," said Rustam Mirkasymov, Head of Cyber Threat Research at Group-IB Europe.


News URL

https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
