Security News > 2022 > August > Twilio hackers hit over 130 orgs in massive Okta phishing attack

Twilio hackers hit over 130 orgs in massive Okta phishing attack
2022-08-25 14:53

Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign.

This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.

Based on the phishing domains created in this campaign, the threat actors targeted companies in multiple industries, including cryptocurrency, technology, finance, and recruiting.

The attack begins with an SMS message and a link to a phishing page impersonating an Okta login page where victims are prompted to enter their account credentials and the 2FA codes.

The hackers then used these login credentials to gain access to corporate VPNs, networks, and internal customer support systems to steal customer data.

Unmasking user "X". Group-IB's investigators leveraged the little info "Hiding" in the phishing kit to find the admin account of the Telegram channel used for account data exfiltration.


News URL

https://www.bleepingcomputer.com/news/security/twilio-hackers-hit-over-130-orgs-in-massive-okta-phishing-attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Okta 8 1 4 5 0 10