(ANSA) - ROME, AUGUST 29 - A huge phishing campaign has affected over 130 companies, many in the United States.
It was called Oktapus and was discovered by Group-IB researchers.
Cybercriminals exploited the notoriety of Okta, a California-based company that provides access and identity management services.
The campaign was launched in March 2022, the main goal of cybercriminals was to obtain Okta credentials and authentication codes in two factors from company employees.
The latter received smscon links to phishing sites that mimicked the Okta login page.
The Oktapus campaign made it possible to steal 9,931 credentials that were used to enter the IT systems of companies via Vpn and other remote access devices.
The number of unique domains targeted by hackers is very large, 169 in total.
Besides Twillo, DoorDash eSignal the list of domains also includes those of AT&T, Verizon, Coinbase, Best Buy, T-Mobile, RIot Games and Epic Games.
According to the specialized website TechCrunch, one of the alarm bells was the warning issued on August 15 by the Signal messaging service which warned users that the hacking of Twilio - a technology company - allowed up to 1,900 Signal accounts to be revealed to cybercriminals.
"Oktapus demonstrates how vulnerable modern organizations are to some simple social engineering attacks and how far-reaching the effects of these incidents are for their partners and customers," Group-IB experts explain.
(HANDLE).