Security News > 2022 > August > Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts.
The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "Obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations."
Calling the attacks well designed and executed, the Singapore-headquartered company said the adversary singled out employees of companies that are customers of identity services provider Okta.
"Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance."
What's notable about the attacks is the use of an actor-controlled Telegram channel to drop the compromised information, which included user credentials, email addresses, and multi-factor authentication codes.
"While the threat actor may have been lucky in their attacks it is far more likely that they carefully planned their phishing campaign to launch sophisticated supply chain attacks," Group-IB analyst Roberto Martinez said.
News URL
https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html
Related news
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)