Twilio's phishing incident has ensnared Okta, affecting the identity and access management service provider.
In a series of cyberattacks that began in March, the extortion group Lapsus$ has breached Okta and Twilio, exposing sensitive customer data.
The attacks, which included text message phishing, allowed the threat actor to steal Okta identity credentials and authentication codes. According to reports, the group gained access to Okta data through a third-party vendor.
Okta, a leading identity and access management company, initially denied, but later admitted to, being breached by Lapsus$. The company asserts that no accounts were accessed by the threat actor despite some phone numbers and one-time passwords being exposed.
The threat actor used its access to Twilio's systems to search for one-time passwords sent as a result of two-factor authentication requests. Okta was one of the 163 Twilio customers impacted by the attack.
The adversary in the 'Scatter Swine' phishing campaign has compromised approximately 10,000 user credentials across 136 organizations. The group exploited usernames and passwords stolen in previous phishing campaigns to trigger text-message authentication processes.
The threat actor specifically searched for 38 unique phone numbers in Twilio's administrative portal, nearly all of which can be linked to a single targeted organization. 'Incidental' phone numbers, which the threat actor did not specifically target, were also exposed during the attack.
Twilio notified Okta that 'unspecified data' was exposed four days after it first became aware of the attack. Okta rerouted text message communications to another provider after it was informed of the compromise.
The hacking group behind the Twilio attack, known as 0ktapus, used fake Okta login pages to trick employees and gain access to sensitive information. Targets of the threat actor include technology companies, telecommunications providers, and organizations or individuals linked to cryptocurrency.
Okta has detailed many of Scatter Swine's tactics, techniques, and procedures to help other organizations with threat hunting activities. The group is known for impersonating support to understand how authentication works and has been involved in several high-profile breaches this year.
The phishing attack against Twilio occurred on Aug 4. The attacker accessed data from 209 companies and subsequently targeted larger entities such as Crypto.com. The group's activities highlight the importance of strong security measures and regular audits to protect sensitive data.