Two weeks ago, Cloudflare and Twilio announced that they had experienced a massive phishing attack. According to the companies, the attack was conducted with great precision and was very methodical. It tricked several employees of the companies into revealing their credentials and sensitive information without arousing any suspicion.
Now, two weeks later, it has been uncovered that the same group of phishers has targeted several other businesses too. As per the report published by the leading cybersecurity firm, Group-IB, the hackers have targeted around 136 other organizations with the help of a phishing kit called “Oktapus.”
The main targets of the attack were mobile operators and telecommunication companies. According to reports, the “Oktapus” hackers were sending SMS messages to unsuspecting employees of these companies.
The messages were so naturally crafted that the employees believed them to be genuine. They ended up entering their credentials and passwords on the Okta login page, which the hackers recorded along with the 2FA code. The hackers then used this information to bypass the employees’ security barrier and log in to their corporate accounts.
The Group-IB report mentioned, “From the victim’s point of view, the phishing site looks quite convincing as it is very similar to the authentication page they are used to seeing. Victims are prompted for their username and password, and once provided, a second page is shown asking for their 2FA (two-factor authentication) code.”
It has been revealed that the phishers have stolen the credentials of almost 9,931 corporate users belonging to 136 organizations since March. Out of these, 5,441 accounts were protected by multi-factor authentication codes while 3,120 had unique email domains.