Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.
The news comes from research conducted by cybersecurity firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.
“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations,” researchers wrote in their blog Thursday. “Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”
[…]
the hackers first went after companies that were users of Okta, the identity and access management firm that provides single sign-on services to platforms all across the web. Using the toolkit, the threat actor sent SMS phishing messages to victims that were styled to look just like the ID authentication pages provided by Okta. Thinking that they were engaging in a normal security procedure, victims would enter their information—including username, password, and multi-factor authentication code.
After they entered this information, the data was then secretly funneled to a Telegram account controlled by the cybercriminals. From there, the threat actor could use the Okta credentials to log into the organizations that the victims worked for. The network access was subsequently abused to steal company data and engage in more sophisticated supply chain attacks that targeted the broader corporate ecosystems that the firms were a part of.
[…]
Source: Oktatapus Hack Stole 10,000 Logins From 130 Different Orgs
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft