darkweb news 2023
Dark Web News

Oktapus Phishing Scam Wreaks Havoc

Darkweb Guru

Hackers Stole Okta Login Credentials

Just recently, over 100 firms were targeted by a phishing campaign, dubbed ‘Oktapus’ and designed by the very same hackers behind a string of attacks on communication-oriented companies, including Klayvio and Twilio among the targets.

Approximately 9,931 login credentials were stolen through this campaign, which the hackers proceeded to use to log into business networks via remote access tools, VPN services being just one of the tools at their disposal.

However, this campaign has been long in the making, being active since at least March 2022, based on the findings of a Group-IB investigation. The hackers hacking assaults, aimed to obtain Okta identity credentials and 2FA tokens, were extremely successful. These credentials were used to conduct further supply chain attacks and have since resulted in a number of data breaches against entities like Mailchimp. The most successful attacks were against Twilio, and one failed attempt targeted the Cloudflare network.

Fake Okta Login Page

Not only that, but customers who used services like DigitalOcean and Signal, ended up becoming the targets of supply-chain assaults as a result of these breaches. What analysts have noticed, is that the hackers specifically targeted multi-aspect businesses, many of their areas of operation including cryptocurrency, technology, and the financial industry, based on the phishing domains built for the Oktapus campaigns.

However, the actual attack isn’t half as complicated as it seems, as it all starts with a simple SMS message that contains a link to a phishing page. This page looks identical to the Okta login page and asks the victims to submit their account information and 2FA codes. With the help of Okta, an identity service (IDaaS) platform, employees can access all of their company’s software with one login.

Hackers purportedly took advantage of this, attacking huge companies that rely on Okta, from MetroPCS, AT&T, Twitter, Binance, Epic Games, Evernote, and Best Buy, among many others.

Leave a Reply

Your email address will not be published. Required fields are marked *

hire hackers services Previous post Harmful Apps Downloaded 10 Million Times
dark web news Next post Dark Web Hackers Devastate Apple Devices

More Stories

“the wheel” dark fiction by nicola pett. Kinemaster mod apk kinemaster mod apk is a powerful yet user friendly video editing app that enables creators of all levels. Just voip provides telecom services for internet calling in 2022.