Oktapus phishing campaign exploits MFA to compromise 130 companies

9,931 accounts at more than 130 organizations were compromised by a phishing attack on Twilio and Cloudflare employees. 114 US companies and other companies in 68 countries were impacted.

According to security researchers at Group-IB, the threat actors dubbed Oktapus had only one aim in compromising the identity and access management company Okta. To achieve their goal, the attackers launched their campaign by targeting telecommunications companies to gain access to the phone numbers of potential targets.

“According to the compromised data analyzed by Group-IB, the threat actors started their attacks by targeting mobile operators and telecommunications companies and could have collected the numbers from those initial attacks,” the researchers wrote.

The attackers then sent phishing links to targets via SMS. These links led the victims to websites that impersonated the Okta authentication page used by the target’s employer. The victims were then asked to provide their Okta identity credentials along with the multifactor authentication (MFA) code that the employees used to log into their accounts.

The sources for this piece include an article in ThreatPost.

IT World Canada Staff