[MART] - Diary Diary #582 - 0ktapus Phishing Campaign

ctas-mat at appgate.com ctas-mat at appgate.com
Fri Aug 26 21:32:43 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/26/2022 - Diary entry #582:

A new phishing campaign, active since at least March 2022, targeting Okta (an Identity-as-a-Service provider) was recently revealed. Using a phishing kit named “0ktapus“, threat actors were able to steal 9,931 Okta accounts identity credentials and the two-factor authentication (2FA) codes of more than 136 organizations from multiple industries, including cryptocurrency, technology, finance, and recruiting.

The phishing chain begins with an SMS message (Smishing) and a link to a phishing page masquerading as an Okta login page where victims are prompted to enter their account credentials and 2FA codes. Next, the attackers send the credentials to a private Telegram channel where they can retrieve them. They then use these credentials to gain access to corporate VPNs, networks, and internal customer support systems to steal customer data and conduct further supply chain attacks.

0ktapus shows how vulnerable organizations are to some basic social engineering attacks and how far-reaching the effects of such incidents can be for their partners and customers. That is why we recommend organizations train their employees on current phishing threats and how to avoid being victims.

Kind Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220826/622442ff/attachment.htm>

More information about the MART mailing list