Security News > 2022 > August > Twilio hackers hit over 130 orgs in massive Okta phishing attack
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign.
This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.
Based on the phishing domains created in this campaign, the threat actors targeted companies in multiple industries, including cryptocurrency, technology, finance, and recruiting.
The attack begins with an SMS message and a link to a phishing page impersonating an Okta login page where victims are prompted to enter their account credentials and the 2FA codes.
The hackers then used these login credentials to gain access to corporate VPNs, networks, and internal customer support systems to steal customer data.
Unmasking user "X". Group-IB's investigators leveraged the little info "Hiding" in the phishing kit to find the admin account of the Telegram channel used for account data exfiltration.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)