Security News > 2022 > August > Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts.
The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "Obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations."
Calling the attacks well designed and executed, the Singapore-headquartered company said the adversary singled out employees of companies that are customers of identity services provider Okta.
"Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance."
What's notable about the attacks is the use of an actor-controlled Telegram channel to drop the compromised information, which included user credentials, email addresses, and multi-factor authentication codes.
"While the threat actor may have been lucky in their attacks it is far more likely that they carefully planned their phishing campaign to launch sophisticated supply chain attacks," Group-IB analyst Roberto Martinez said.
News URL
https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)