Security News

Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in 9,931 accounts of over 130 organizations being compromised. Group-IB Threat Intelligence team uncovered and analyzed the attackers' phishing infrastructure, including phishing domains, the phishing kit as well as the Telegram channel controlled by the threat actors to drop compromised information.

Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign. This phishing campaign utilized a phishing kit codenamed '0ktapus' to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "Obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations."

All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Signal - considered one of the better secured of all the encrypted messaging apps - claims the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts. According to Signal's security note, when Twilio was hit by a phishing attack earlier this month, this may potentially have led to the phone number of 1,900 Signal users being revealed as registered to a specific Signal account.

The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal. "Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we've received a report from one of those three users that their account was re-registered," the Signal team shared on Monday.

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said.

Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month. Twilio provides phone number verification services for Signal and last week disclosed that an attacker hacked its network on August 4.

Customer engagement platform Twilio on Monday disclosed that a "Sophisticated" threat actor gained "Unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "Limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "Well-organized" and "Methodical in their actions." The incident came to light on August 4.

Cloud communications giant Twilio, the owner of the highly popular two-factor authentication provider Authy, says that it has so far identified 125 customers who had their data accessed during a security breach discovered last week. "We have identified approximately 125 Twilio customers whose data was accessed by malicious actors for a limited period of time, and we have notified all of them," Twilio revealed in an update to the original disclosure.