Recently, more than 130 organizations were exposed to the risks of a sophisticated hacking attempt made using phishing kits. The credentials of almost 10000 employees were exposed in the process.
Communications giant Twilio was targeted by the hackers. According to the end-to-end encrypted messaging application Signal, hackers could access the contact numbers and SMS verification codes of around 1900 customers.
Group-IB says
According to Group-IB, a cybersecurity company, this hacking attempt on Twilio was part of a bigger campaign by the Oktapus hacking agency. A Group-IB blog post describes the attack, as reported by Twilio and Cloudflare, as well designed and executed.
Attackers specifically targeted workers at organizations that use Okta, a leader in identity and access management (IAM).
These workers received text messages with links to phishing websites that looked exactly like their company’s Okta authentication page.
The Group-IB Threat Intelligence team discovered a total of 169 distinct domains that were part of the Oktapus campaign. According to the Group-IB study, the majority of the targeted businesses are in the US. Some of the affected organizations had employees in the US but were headquartered in other countries.
According to researchers, the hackers had the primary intention of gaining access to corporate services provided by the organizations.
Twilio is the owner of a 2-factor authentication software called Authy. The company revealed that it became aware of unauthorized access to customer information of certain accounts. The attack was made using sophisticated software designed specifically to steal crucial information about employees.