Phishing campaign targets over 130 companies including Signal, Twilio

The attack, Oktapus, targeted more than 130 companies, attacking 169 unique domains and stealing 9,931 credentials

Tech Desk August 27, 2022

A phishing campaign nicknamed 'Oktapus' by security researchers attacked over 130 companies, including Twilio, DoorDash, and Cloudflare. Nearly 10,000 individuals' login credentials were stolen by attackers who were imitating the single sign-on service Okta.

According to a report by cybersecurity outfit Group-IB, attackers used the service to attack other accounts of their victims. Signal warned its users of the attack on August 15, detailing that 1,900 accounts had been breached, while Twilio's 163 customers had their data accessed in the attack.

The targets of the attack received text messages that redirected them to the phishing site, which looked "quite convincing as it is very similar to the authentication page they are used to seeing". The site asked users for their username, password, and a two-factor authentication code, which were then sent to the attackers.

According to Group-IB's Roberto Martinez, the analysis suggested that the attackers were amateur and inexperienced, as the phishing site had been "poorly configured and the way it had been developed provided an ability to extract stolen credentials for further analysis".

However, the massive attack was able to target 169 unique domains and steal 9,931 login credentials since March 2022. The attackers also clawed their way to big tech companies like Microsoft, T-Mobile, Verizon, Coinbase, and more.

Researchers said that "seeing financial companies in the compromised list gives us the idea that the attackers were also trying to steal money. Furthermore, some of the targeted companies provide access to crypto assets and markets, whereas others develop investment tools."


