Phishing campaign allegedly targeted more than 130 companies, including Signal


Maxime Alder

August 30, 2022 at 9:30 a.m.


A new cybercrime case has drawn a lot of attention in recent days. A massive phishing campaign targeted over 130 companies, including big names such as Twilio, Cloudflare and probably Signal.

On August 25, 2022, Group-IB released an analysis report on this campaign, dubbed “0ktapus”. The goal of the campaign: to collect the login credentials and two-factor authentication codes of users of Okta, a platform that allows a company’s employees, customers and partners to connect to its resources and tools.

A simple, but extremely effective hack

The victims of this attack were targeted using an SMS containing a link pointing to a phishing site, resembling Okta’s authentication page. On this page, targets had to enter their login information and submit the form.

Once the form was submitted, the data was sent directly to a Telegram channel managed by the hackers. Once hackers had these credentials, they could log in and steal a company’s sensitive data. The targeted companies are varied: they are located worldwide and come from various fields, including software, finance, telecom and education.

The attack was judged uncomplicated to implement and showed some flaws in its configuration, as Roberto Martinez, senior analyst at Group-IB, noted: “Analysis of the phishing kit revealed that it was misconfigured and the way it was developed allowed the stolen credentials to be extracted for further analysis”.

How to protect against this type of attack

Despite this relative simplicity, 0ktapus, launched in March 2021, has reportedly recovered nearly 9,931 credentials so far. The list could be longer if we are to believe the companies cited as targets by Group-IB, but not yet recognized as victims: Microsoft, Riot Games, Coinbase, AT&T, or even Epic Games.

As this case shows, it is always important to adopt good practices to guard against this kind of attack. It is essential to always carefully check the URL on which we enter our login information. For example, of the 169 URLs used in this attack, the majority were identifiable as suspicious (“vzw-corp.net”; “mailgun-okta.com”).
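The URL check described above can be automated for links arriving by SMS or email. The sketch below is an added example, not code from Group-IB or Okta: the allowlist, the watched keywords and the sample message are assumptions made for illustration, and the two suspicious domains are the ones quoted in this article.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain on which staff should ever enter Okta credentials.
ALLOWED_DOMAINS = {"okta.com"}
# Assumption: brand and lure keywords worth watching for in link hostnames.
WATCHED_TOKENS = {"okta", "sso", "vpn", "corp", "login", "help"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message, using a domain quoted in the article.
SAMPLE_SMS = ("ALERT: your Okta session has expired. "
              "Sign in at https://mailgun-okta.com/login to keep access.")


def registrable_domain(host):
    """Last two labels of the host. A simplification: production code
    should consult the Public Suffix List (for suffixes such as .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url):
    """Return (verdict, detail) for one link."""
    # urlsplit ignores any "user@" part, so okta.com@other.net resolves to other.net
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain in ALLOWED_DOMAINS:
        return "allowed", domain
    # Split labels on dots and hyphens: "mailgun-okta" -> {"mailgun", "okta"}
    tokens = set(re.split(r"[.-]", host.lower()))
    hits = sorted(tokens & WATCHED_TOKENS)
    if hits:
        return "suspicious", f"{domain} is not allowlisted but contains {hits}"
    return "unknown", domain


def scan_message(text):
    """Extract every http(s) link from a message body and classify it."""
    return [(m.group(0), *classify_url(m.group(0))) for m in URL_RE.finditer(text)]


if __name__ == "__main__":
    for url, verdict, detail in scan_message(SAMPLE_SMS):
        print(f"{verdict:10} {url}  ({detail})")
```

A verdict of "unknown" means only that no watched keyword appeared; it is not a statement that the link is safe.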

Also, check the source the link is coming from. If it is suspicious, forward it to your company’s IT team (if you have one).

Finally, if you believe that you have been the victim of one of these attacks and that your login credentials may have been compromised, change your password, then log out of all active sessions. If you work at a company, report this to the IT security manager.

Sources: The Verge, Group-IB
