Security News > 2022 > August > Twilio hackers hit over 130 orgs in massive Okta phishing attack
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign.
This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.
Based on the phishing domains created in this campaign, the threat actors targeted companies in multiple industries, including cryptocurrency, technology, finance, and recruiting.
The attack begins with an SMS message and a link to a phishing page impersonating an Okta login page where victims are prompted to enter their account credentials and the 2FA codes.
The hackers then used these login credentials to gain access to corporate VPNs, networks, and internal customer support systems to steal customer data.
Unmasking user "X". Group-IB's investigators leveraged the little info "Hiding" in the phishing kit to find the admin account of the Telegram channel used for account data exfiltration.
News URL
Related news
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- FIN7 targets American automaker’s IT staff in phishing attacks (source)