For many years, cybercriminals have used social engineering and phishing attacks to trick unsuspecting victims into providing their credentials. These credentials have been used to provide cybercriminals with access to a wide range of company resources for a number of well-documented purposes. To remain ahead of threat actors, and in its mission to fight all types of cybercrime, Group-IB helps organizations protect their digital assets and identify the miscreants targeting them by investigating phishing attacks.
On July 26, 2022, Group-IB intelligence analysts received a request from a client of our Threat Intelligence solution asking for additional information on a recent phishing attack that they had experienced. The investigation started after the client provided domain names and IP addresses used in the attack.
Using a combination of Group-IB Threat Intelligence and in-house and public tools, we were able to obtain a list of domains that had been attacked. Our client was only one of several well-known organizations that were targeted in a massive phishing campaign codenamed 0ktapus by Group-IB researchers. The initial objective of the attackers was clear: obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations. With this information in hand, the attackers could gain unauthorized access to any enterprise resources the victims have access to.
This case is of interest because, despite using low-skill methods, it was able to compromise a large number of well-known organizations. Furthermore, once the attackers compromised an organization, they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.
Group-IB decided to make its research on 0ktapus publicly available when Signal reported that 1,900 of their users' accounts were probably hacked. We hope this blog will provide a better understanding of what happened and will give useful recommendations on how to prevent your organization from becoming a victim.