Hackers target FCC, crypto firms in advanced Okta phishing attacks
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals.
The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.
Victims reaching the phishing site are prompted to solve a CAPTCHA challenge, which Lookout says serves both for filtering out bots and adding legitimacy to the phishing process.
The central panel controlling the phishing process allows the attackers to customize the phishing page to include the victim's phone number digits, making the SMS token requests appear legitimate.
The threat actors primarily used Hostwinds and Hostinger to host their phishing pages in late 2023 but later switched to the Russia-based RetnNet, which may offer a more extended operational period for shady sites.
Regardless of who is behind the kit, its advanced nature, the targeting strategy and communication methods of its operators, and the high quality of the phishing materials underscore the impact this can have on targeted organizations.