Cybersecurity News in Asia

Features
- Featured
  
  AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
  
  Monday, April 22, 2024, 4:40 PM Asia/Singapore | Case Study, Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
- Featured
  
  Immutable data critical to AI projects and cyber resilience
  
  Thursday, April 11, 2024, 11:46 AM Asia/Singapore | Data Protection, Features
News
- Featured
  
  How medical devices manufacturer Tuttnauer protects patient and personal-data safety
  
  Tuesday, April 23, 2024, 5:22 PM Asia/Singapore | Case Study, News
- Featured
  
  How much of automated internet traffic contains malicious activity?
  
  Monday, April 22, 2024, 9:02 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Large language models have their strengths and weaknesses: analysis
  
  Monday, April 22, 2024, 8:56 AM Asia/Singapore | News
Opinions
Tips
Whitepapers
Awards 2023
Directory
E-Learning

News

What did the Twilio, Cloudflare and Okta phishing attacks have in common?

By CybersecAsia editors and webmaster webmaster | Tuesday, August 30, 2022, 9:58 AM Asia/Singapore

A clocked Kermit-like hacker calledSubject X!

The recently disclosed phishing attacks on Twilio and Cloudflare employees had apparently resulted in 9,931 thousand accounts of over 130 IT-services organizations (114 USA firms or non-American firms with US-based employees) being compromised.

Now, investigations are revealing that the incidents were links in a chain—a simple yet effective single phishing campaign unprecedented in scale and reach that has been active since at least March 2022.

Codenamed ‘0ktapus’ by Group-IB researchers, the phishing campaign’s primary goal was to obtain Okta identity credentials and two-factor authentication codes from users of the targeted organizations. These users received text messages containing links to 169 unique phishing domains that mimicked the Okta authentication page of their organization.

It is still unknown how fraudsters prepared their target list and how they obtained the phone numbers. However, according to the compromised data analyzed by Group-IB, the threat actors started their attacks by targeting mobile operators and telecommunications companies and could have collected the numbers from those initial attacks. Also, clues from the phishing sites point to the use of a common phishing kit for their creation—one that researchers had not seen yet in the past.

Further examination of the phishing kit’s code showed the lines dedicated to the configuration of the Telegram bot and the channel used by the attackers to drop compromised data. The Group-IB team was able to retrieve some details about one administrator of the Telegram channel in question who goes by the nickname “X”. Forensic data show that X is based in North Carolina.

According to Rustam Mirkasymov, Head of Cyber Threat Research, Group-IB Europe: “0ktapus shows how vulnerable modern organizations are to some basic social engineering attacks and how far-reaching the effects of such incidents can be for their partners and customers. By making our findings public we hope that more companies will be able to take preventive steps to protect their digital assets.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety
In running a cloud-based portal to link its smart medical equipment, the firm has also …Read more
AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming
To test the safety/security of a generative AI feature, what unchartered bugs and human testing …Read more
Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more

Cybersecurity News in Asia

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

What businesses need to know about SEO poisoning

Featured

Immutable data critical to AI projects and cyber resilience

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Featured

How much of automated internet traffic contains malicious activity?

Featured

Large language models have their strengths and weaknesses: analysis

What did the Twilio, Cloudflare and Okta phishing attacks have in common?

A clocked Kermit-like hacker calledSubject X!

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar