In a single phishing attempt, the hackers behind a number of recent attacks, such as those targeting Twilio, Cloudfare, MailChimp, and Klaviyo, infiltrated over 130 firms.
Through this phishing attack, 9,931 login credentials were stolen using a phishing kit with the codename “0ktapus,” which the hackers then used to log into business networks and systems using VPNs and other remote access tools.
Because the primary intent of the assaults was to “get Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations,” the conduct has been denounced by Group-IB.
The Singapore-based corporation said that the opponent sought out employees of businesses that use Okta, a provider of identity services, and praised the attacks for being well-planned and carried out. With the help of the identity-as-a-service (IDaaS) platform Okta, employees may access all of their company’s software with just one login.
The phrases “OKTA,” “HELP,” “VPN,” and “SSO” were used in 169 different phishing domains that supported the 0ktapus campaign.
In addition, customers who used these services, such as This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents