Recently, a massive hacking campaign took the tech industry by surprise and made everyone question the safety of our data on the internet. A shocking report published by Group-IB – a leading cybersecurity firm – revealed that a group of phishers managed to trick employees from over 130 organizations into revealing sensitive information. They stole the login credentials of almost 10,000 employees belonging to major organizations like MailChimp, Cloudflare, and Twilio.
According to the report, the attack was planned and carried out with utmost precision. It was very methodical, and none of the victims felt even a hint of suspicion.
Group-IB’s research also shows that the phishers used a phishing kit called “Oktapus” to target the staff of these 130 organizations. The hacking kit came packed with several hacking tools that can be purchased from the dark web. In this particular attack, the hackers targeted companies that used Okta – an identity and access management company that offers single sign-on services to platforms all across the internet.
The hackers used the toolkit to send phishing SMS messages to the victims. The messages led victims to pages crafted to look like Okta's genuine identity authentication pages. Naturally, the victims entered their credentials and passwords on what appeared to be the Okta login page. The hackers recorded the information and used it to bypass all the security barriers and steal company data.
The Group-IB report mentioned, “Once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”