Over 9,000 user credentials compromised in a widespread phishing campaign that ensnared Twilio and Mailchimp.
In a series of recent cyber attacks, the phishing campaign known as Oktapus has caused havoc, particularly targeting Twilio and Cloudflare. The campaign, as revealed by cybersecurity firm Group-IB, has compromised over 10,000 user credentials across 136 organizations since its inception in March.

One of the most significant breaches occurred at the secure messaging platform Signal, which was breached as a customer of Twilio. The fallout from this compromise spread to 1,900 Signal users. The phishing scheme ensnared other organizations as well, such as Mailchimp, which led to a breach at DigitalOcean. Having gained access, the attackers often utilised the victims' customer-facing systems or mailing lists to launch supply chain attacks.

For an attack to succeed, the threat actors had to monitor their tools and move quickly, as 2FA codes expire. However, the phishing kit used in the Oktapus campaign was not properly configured to target mobile devices, indicating a level of inexperience on the part of the attackers.

Despite gaining media attention, the campaign continued until it was eventually halted. However, the real extent of the attacks and the number of compromised organizations remain unknown. Many organizations that were breached did not publicly report it, which may have prolonged the campaign. The majority of victims were U.S.-based and provided IT, software development, or cloud services.

The phishing site mimicked a standard authentication page, prompting targets to enter their username and password. A subsequent page requested the 2FA code, and upon entry, a copy of the remote administration tool AnyDesk was downloaded. The Oktapus campaign targeted 169 unique domains, suggesting a wide-reaching and strategic approach by the attackers.

As we continue to navigate the digital landscape, it is crucial to remain vigilant against such threats and to prioritise cybersecurity measures to protect our organizations and personal information.
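The phishing flow described above (a password form, then a 2FA form, then an AnyDesk download) leaves a recognisable sequence in web proxy logs. The following is an added detection sketch, not code from Group-IB or any affected organization; the log format, host names, allowlist and 10-minute window are all assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumption: hosts the organisation really uses for sign-in (placeholder name).
KNOWN_IDP_HOSTS = {"login.example-corp.test"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed proxy log, in time order: timestamp client method host path
SAMPLE_LOG = """\
2024-01-15T09:00:05 10.0.0.21 GET sso-portal.example.test /login
2024-01-15T09:00:40 10.0.0.21 POST sso-portal.example.test /login
2024-01-15T09:01:10 10.0.0.21 POST sso-portal.example.test /verify
2024-01-15T09:01:15 10.0.0.21 GET sso-portal.example.test /download/AnyDesk.exe
2024-01-15T09:05:00 10.0.0.22 POST login.example-corp.test /login
2024-01-15T09:05:30 10.0.0.22 POST login.example-corp.test /mfa
2024-01-15T09:06:00 10.0.0.22 GET files.example.test /tools/AnyDesk.exe
2024-01-15T09:10:00 10.0.0.24 POST forms.example.test /a
2024-01-15T09:10:20 10.0.0.24 POST forms.example.test /b
2024-01-15T11:30:00 10.0.0.24 GET files.example.test /tools/AnyDesk.exe
"""

def parse(line):
    ts, client, method, host, path = line.split()
    return datetime.fromisoformat(ts), client, method, host, path

def find_phish_sequences(log_text, known_idp=KNOWN_IDP_HOSTS, window=WINDOW):
    """Flag clients that POST twice (password, then 2FA code) to a host that is
    not a known sign-in host and then fetch an AnyDesk file within the window."""
    posts = {}   # client -> [(time, host)] for POSTs to unknown hosts
    alerts = []
    for line in log_text.strip().splitlines():
        ts, client, method, host, path = parse(line)
        filename = path.rsplit("/", 1)[-1].lower()
        if method == "POST" and host not in known_idp:
            posts.setdefault(client, []).append((ts, host))
        elif method == "GET" and filename.startswith("anydesk"):
            recent = [h for t, h in posts.get(client, [])
                      if timedelta(0) <= ts - t <= window]
            for h in sorted(set(recent)):
                if recent.count(h) >= 2:
                    alerts.append((client, h, path))
    return alerts

if __name__ == "__main__":
    for client, host, path in find_phish_sequences(SAMPLE_LOG):
        print(f"ALERT {client}: form posts to {host}, then download {path}")
```

Only the first client is flagged: the second signed in at the known identity provider before a legitimate AnyDesk download, and the third downloaded AnyDesk hours after its form posts.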