Security researchers have revealed a new phishing campaign targeting Okta identity credentials and the associated two-factor authentication (2FA) codes.
The analysis comes from Group-IB, who said the campaign was particularly noteworthy because, despite relying on low-skill techniques, it managed to compromise a large number of well-known companies.
Specifically, the attackers sent employees of the targeted organizations text messages containing links to phishing sites that mimicked their organization's Okta authentication page, followed by a second page asking for a 2FA code. As soon as a victim attempted to log in, the credentials were forwarded to the threat actors behind the attack.
“Furthermore, once the attackers compromised an organization, they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance,” Group-IB wrote in an advisory published today, August 25, 2022.
Overall, the company said it detected 169 unique domains involved in this ‘0ktapus’ campaign. The team found them by analyzing the resources used to build the phishing pages: some of those resources (images, fonts or scripts) were unique enough to be used to locate other sites built with the same phishing kit.
“In this case, we found an image that is legitimately used by sites leveraging Okta authentication being used by the phishing kit,” Group-IB said.
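The pivot described above, as an added example that is not Group-IB's own tooling: page resources are matched by content hash (an assumption of this example; the advisory does not say how Group-IB compared them), so renamed or re-hosted copies of the same kit file still cluster together. The page bodies, resource bytes and domains below are constructed for the demonstration. The `legitimate` baseline addresses the caveat in the quote: a resource that genuine Okta-backed sites also load (the logo here) would otherwise pull real login pages into the results.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample data (not real 0ktapus artifacts): four page bodies and
# the bytes of every resource they reference, keyed by absolute URL. In a real
# hunt these would come from a crawl of the candidate domains.
LOGO = b"\x89PNG constructed okta-logo bytes"        # also used by genuine Okta-backed sites
LEGIT_CSS = b"/* constructed Okta sign-in widget css */"
LEGIT_JS = b"/* constructed Okta sign-in widget js */"
KIT_CSS = b"/* constructed phishing-kit stylesheet */"
KIT_JS = b"/* constructed phishing-kit credential/2FA collector */"
OTHER_LOGO = b"\x89PNG constructed unrelated logo"

PAGES = {
    "https://login.example.com/": """<html><head>
        <link rel="stylesheet" href="/assets/okta-sign-in.css">
        <script src="/js/okta-sign-in.min.js"></script></head>
        <body><img src="/img/okta-logo.png"></body></html>""",
    "https://example-sso.evil-one.test/": """<html><head>
        <link rel="stylesheet" href="https://cdn.evil-one.test/kit/style.css">
        <script src="/kit/collect.js"></script></head>
        <body><img src="/img/okta-logo.png"></body></html>""",
    "https://corp-okta.evil-two.test/auth": """<html><head>
        <link rel="stylesheet" href="/kit/style.css">
        <script src="https://static.evil-two.test/collect.js"></script></head>
        <body><img src="/okta-logo.png"></body></html>""",
    "https://unrelated.test/": """<html><body><img src="/logo.png"></body></html>""",
}

RESOURCES = {
    "https://login.example.com/assets/okta-sign-in.css": LEGIT_CSS,
    "https://login.example.com/js/okta-sign-in.min.js": LEGIT_JS,
    "https://login.example.com/img/okta-logo.png": LOGO,
    "https://cdn.evil-one.test/kit/style.css": KIT_CSS,
    "https://example-sso.evil-one.test/kit/collect.js": KIT_JS,
    "https://example-sso.evil-one.test/img/okta-logo.png": LOGO,
    "https://corp-okta.evil-two.test/kit/style.css": KIT_CSS,
    "https://static.evil-two.test/collect.js": KIT_JS,
    "https://corp-okta.evil-two.test/okta-logo.png": LOGO,
    "https://unrelated.test/logo.png": OTHER_LOGO,
}


class ResourceCollector(HTMLParser):
    """Collects the absolute URLs of images, scripts and stylesheets a page loads."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get("src") if tag in ("img", "script") else None
        if tag == "link" and attrs.get("rel") == "stylesheet":
            ref = attrs.get("href")
        if ref:
            self.urls.append(urljoin(self.page_url, ref))


def fingerprint(page_url, pages, resources):
    """Set of SHA-256 digests of the resources the page loads; the URL path is
    ignored so renamed or re-hosted copies of the same file still match."""
    collector = ResourceCollector(page_url)
    collector.feed(pages[page_url])
    return {hashlib.sha256(resources[u]).hexdigest()
            for u in collector.urls if u in resources}


def pivot(seed, pages, resources, legitimate=()):
    """Return {page: number of shared resources} for every page that shares a
    resource with the seed phishing page. Resources also present on the
    `legitimate` pages are discounted, because the kit reuses assets (like the
    Okta logo) that genuine Okta-backed login pages load too."""
    seed_fp = fingerprint(seed, pages, resources)
    common = set()
    for page in legitimate:
        common |= fingerprint(page, pages, resources)
    kit_specific = seed_fp - common
    hits = {}
    for page in pages:
        if page == seed:
            continue
        shared = fingerprint(page, pages, resources) & kit_specific
        if shared:
            hits[page] = len(shared)
    return hits


if __name__ == "__main__":
    seed = "https://example-sso.evil-one.test/"
    print("naive pivot:", pivot(seed, PAGES, RESOURCES))
    print("with legitimate baseline:",
          pivot(seed, PAGES, RESOURCES, legitimate=["https://login.example.com/"]))
```

Without the baseline the genuine login page is returned because it shares the logo; with the real Okta-backed page supplied as `legitimate`, only the second kit site remains, matched on the kit's own stylesheet and collector script.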
In terms of targeted organizations, most 0ktapus victims were located in the U.S., followed by the U.K. and Canada. The majority were providers of IT, software development and cloud services, but there were also some financial firms on the list.
To avoid becoming a 0ktapus victim, Group-IB said end users (especially those with admin rights) should always double-check the URL of the page where they enter credentials. The researchers also advised companies to implement FIDO2-compliant security keys for multi-factor authentication (MFA): unlike a one-time code, a FIDO2 assertion is bound to the origin of the site the browser is actually on, so a lookalike page cannot relay it to the real service.
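Why the FIDO2 recommendation defeats a relay kit of this type, as an added illustration rather than code from the advisory: this is a simplified model of a WebAuthn assertion, not a WebAuthn library. An HMAC keyed with a per-credential secret stands in for the authenticator's public-key signature, and the relying party, origins and challenge values are hypothetical. The two properties modelled are the ones a real browser and relying party enforce: the browser, not the page, writes the origin into `clientDataJSON` and refuses RP IDs the page is not entitled to, and the relying party rejects any assertion whose signed origin is not its own.

```python
import hashlib
import hmac
import json
import os
from urllib.parse import urlparse

# Simplified model of FIDO2/WebAuthn origin binding (example code, hypothetical
# names). Real authenticators sign authenticatorData || SHA-256(clientDataJSON)
# with a private key; an HMAC with a per-credential secret stands in for that.

RP_ID = "login.example.com"              # hypothetical relying party ID
RP_ORIGIN = "https://login.example.com"  # the only origin the RP accepts


class Authenticator:
    """Holds one credential per RP ID; the secret never leaves the key."""

    def __init__(self):
        self._creds = {}

    def register(self, rp_id):
        self._creds[rp_id] = os.urandom(32)
        return self._creds[rp_id]        # real WebAuthn would hand the RP a public key

    def get_assertion(self, rp_id, client_data):
        key = self._creds.get(rp_id)
        if key is None:                  # no credential scoped to this RP ID
            return None
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash || flags
        signed = auth_data + hashlib.sha256(client_data).digest()
        return {"clientDataJSON": client_data, "authenticatorData": auth_data,
                "signature": hmac.new(key, signed, "sha256").digest()}


def browser_get(authenticator, page_origin, rp_id, challenge):
    """The browser builds clientDataJSON itself, so a page cannot lie about its
    origin, and it refuses an RP ID that is not the page's host or a suffix of it."""
    host = urlparse(page_origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None                      # SecurityError in a real browser
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    return authenticator.get_assertion(rp_id, client_data)


def rp_verify(public_key, assertion, expected_challenge):
    """Relying-party checks: type, challenge, origin, rpIdHash, then signature."""
    if assertion is None:
        return False
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get" or client.get("challenge") != expected_challenge:
        return False
    if client.get("origin") != RP_ORIGIN:    # origin binding: a phishing page fails here
        return False
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(public_key, signed, "sha256").digest()
    return hmac.compare_digest(expected, assertion["signature"])


def login_attempt(page_origin, rp_id=RP_ID):
    """A victim whose key is registered with the real RP signs in from page_origin.
    A relay kit would forward the RP's challenge to the victim's browser."""
    key = Authenticator()
    public_key = key.register(RP_ID)
    challenge = os.urandom(16).hex()
    return rp_verify(public_key, browser_get(key, page_origin, rp_id, challenge), challenge)


def rp_check_alone(claimed_origin):
    """Skip the browser check to show the RP's own origin check: an assertion
    with a valid signature over clientDataJSON naming another origin is refused."""
    key = Authenticator()
    public_key = key.register(RP_ID)
    challenge = "constructed-challenge"
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": claimed_origin}, sort_keys=True).encode()
    return rp_verify(public_key, key.get_assertion(RP_ID, client_data), challenge)


if __name__ == "__main__":
    print("real site:", login_attempt(RP_ORIGIN))
    print("lookalike asking for the real RP ID:", login_attempt("https://example-sso.evil-one.test"))
    print("lookalike using its own RP ID:", login_attempt("https://example-sso.evil-one.test", "evil-one.test"))
    print("RP origin check alone:", rp_check_alone("https://example-sso.evil-one.test"))
```

A lookalike domain fails at three independent points: the browser will not issue an assertion for the real RP ID from a foreign host, the key has no credential for the lookalike's own RP ID, and even an assertion that somehow carried a valid signature would name the wrong origin in the signed client data. An SMS or app-generated code, by contrast, carries no notion of where it was typed, which is exactly what the two-step 0ktapus pages exploit.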
The Group-IB advisory is based on a request from one of its clients as well as on public reports about 0ktapus from Twilio and Cloudflare.
Group-IB also recently uncovered a large investment fraud campaign targeting European victims through online and phone channels.