Security News > 2022 > August > Twilio hackers hit over 130 orgs in massive Okta phishing attack
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign.
This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.
Based on the phishing domains created in this campaign, the threat actors targeted companies in multiple industries, including cryptocurrency, technology, finance, and recruiting.
The attack begins with an SMS message and a link to a phishing page impersonating an Okta login page where victims are prompted to enter their account credentials and the 2FA codes.
The hackers then used these login credentials to gain access to corporate VPNs, networks, and internal customer support systems to steal customer data.
Unmasking user "X". Group-IB's investigators leveraged the little info "Hiding" in the phishing kit to find the admin account of the Telegram channel used for account data exfiltration.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)