Security News > 2024 > March > Phishers target FCC, crypto holders via fake Okta SSO pages

Phishers target FCC, crypto holders via fake Okta SSO pages
2024-03-04 12:44

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered.

The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.

Com - which highly resembles the legitimate FCC Okta SSO page.

"Based on the phishing site characteristics, Lookout researchers were able to identify other websites using this phishing kit. Most of the websites use a subdomain of official-server[.]com as their C2. We also found Okta impersonation pages targeting employees of Binance and Coinbase, but the majority of the sites seemed targeted at users of cryptocurrency and SSO services," they added.

"The sites seem to have successfully phished more than 100 victims, based on the logs observed. Many of the sites are still active and continue to phish for more credentials each hour," the researchers noted.

The use of spoofed Okta SSO pages is a favorite tactic by the Scattered Spider hacking group, but the researchers say that the different capabilities and C2 infrastructure of the phishing kit indicate that the group is not responsible for this campaign.


News URL

https://www.helpnetsecurity.com/2024/03/04/phishing-okta-sso/