More than 130 other organizations have been compromised by the same 0ktapus phishing campaign that resulted in successful attacks against Twilio, Klaviyo, and MailChimp, as well as an averted attack attempt against Cloudflare, according to BleepingComputer.
Most of the 136 companies targeted by 0ktapus, which spoofed identity-as-a-service platform Okta as a means to exfiltrate credentials and two-factor authentication codes to be leveraged in succeeding supply chain attacks, were located in the U.S., while nearly half of the victimized organizations are in the telecommunications and software sectors, a report from Group-IB revealed.
Since at least March, threat actors were able to steal 9,931 user credentials, 5,441 records with MFA codes, and 3,129 records with emails from the impacted organizations, researchers added.
Further examination of the phishing kit leveraged in the campaign enabled researchers to identify the admin of the Telegram channel leveraged for data exfiltration as 'X,' whose account was found to be based in North Carolina.
Identity, Email security, Vulnerability Management
Widespread Okta phishing campaign impacts over 130 organizations