Over 130 companies were targeted by a sophisticated phishing campaign involving the 0ktapus threat group, resulting in thousands of compromised accounts. The attackers first targeted telecommunications firms to obtain phone numbers, then sent text messages linking to fake Okta authentication pages to capture company credentials. The ultimate goal was to access company mailing lists or customer-facing systems for potential supply chain attacks.
Tentacles of '0ktapus' Threat Group Victimize Over 130 Firms
Summary: Over 130 companies were targeted by a sprawling phishing campaign involving the 0ktapus threat group, resulting in thousands of compromised accounts.
Key facts
- Over 130 organizations were targeted in a multi-pronged phishing campaign.
- 9,931 accounts were compromised from over 130 firms.
- The attackers obtained phone numbers by targeting telecommunications companies.
- Phishing links mimicked Okta authentication pages to steal credentials and MFA codes.
Why it matters
The incident shows that multi-factor authentication (MFA) carries its own risks: a fake login page can collect MFA codes along with credentials, so attackers can bypass seemingly secure measures with relatively simple tools. It underscores the importance of robust security practices.
Key metrics
- Compromised Accounts: 9,931 (Number of compromised accounts across multiple organizations)
- Victimized Companies: 130+ (Number of companies impacted by the phishing campaign)
@threatpost