Security News > 2024 > March > Hackers target FCC, crypto firms in advanced Okta phishing attacks
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals.
The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.
Victims reaching the phishing site are prompted to solve a CAPTCHA challenge, which Lookout says serves both for filtering out bots and adding legitimacy to the phishing process.
The central panel controlling the phishing process allows the attackers to customize the phishing page to include the victim's phone number digits, making the SMS token requests appear legitimate.
The threat actors primarily used Hostwinds and Hostinger to host their phishing pages in late 2023 but later switched to the Russia-based RetnNet, which may offer a more extended operational period for shady sites.
Regardless of who is behind the kit, its advanced nature, the targeting strategy and communication methods of its operators, and the high quality of the phishing materials underscore the impact this can have on targeted organizations.
News URL
Related news
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)