The 0ktapus phishing campaign is one of the best-executed security attacks of this scale to date.

More than 130 organizations, including Twilio, DoorDash, and Signal, have been potentially compromised by hackers as part of a months-long phishing campaign dubbed "0ktapus" by security researchers. Passwords belonging to nearly 10,000 people were stolen by attackers who mimicked Okta.

A group of people were sent text messages that led them to a website. The report from Group-IB states, "From the victim's point of view, the site looks quite convincing as it is very similar to the page they are used to seeing." The victims were asked for their usernames and passwords. The attackers received this information.


Group-IB suggests that the attackers were not very experienced. The analysis of the kit revealed that it was poorly configured, and the way it had been developed made it possible to extract stolen credentials for further analysis.

The scale of the attack is huge, with Group-IB detecting 169 unique domains targeted by the campaign. The 0ktapus campaign is believed to have started in March of 2022. Finance, gaming, and telecoms have been targeted by the attackers. Microsoft, T-Mobile, AT&T, and Best Buy are all listed as targets by Group-IB.

Cash appears to be one of the motives for the attacks, with researchers stating that seeing financial companies in the compromised list gives them the idea that the attackers were also trying to steal money. Some of the targeted companies give access to cryptocurrencies and markets, while others are not.


We won't know the full scale of the attack for a while. Group-IB offers the usual advice: always be sure to check the URL of any site where you're entering login details; treat URLs received from unknown sources with suspicion; and for added protection, use an "unphishable."

The recent string of phishing attacks is one of the most impressive campaigns of this scale to date, with the report concluding that 0ktapus shows how vulnerable modern organizations are to some basic social engineering attacks and how far-reaching the effects of such incidents can be.

The scale of these threats is likely to stay the same. According to research from Zscaler, there has been a 29 percent increase in the number of phishing attacks in the year 2021. Earlier this year, we saw that both Apple and Meta shared data with hackers pretending to be law enforcement officials, as part of a social engineering scam.