According to research released on Thursday, it all started with Okta, the identity verification and password management platform. Researchers claim that, in the largest supply chain attack on an American corporation, a mysterious hacking gang obtained 10,000 login passwords from the staff of 130 different companies. The hacking campaign may have run for several months. Security company Group-IB began investigating the campaign after one of its clients fell for the phishing and requested assistance.
The investigation reveals that the threat actor, identified as “Oktapus”, targeted employees of numerous well-known companies using straightforward techniques. The hacker(s) would gain access to corporate networks using stolen login credentials, steal data, and then move on to the network of another company. Well-known software companies such as Twilio, MailChimp, and Cloudflare are among the victims. A total of 125 distinct Twilio users had their data taken.
Okta has been the target of multiple hacks this year alone. Although it is impossible to be certain either way, it is evident that the “Oktapus” campaign, like many other recent hacking incidents, was remarkably successful at penetrating a number of company networks using straightforward intrusion techniques. According to researchers, the hackers chose to target employees of the firms they wished to breach using a phishing toolkit, a rather common strategy. These preconfigured hacking tool packages are often available on the dark web for incredibly low prices.
In this case, the businesses the hackers initially targeted used Okta, an identity and access management company that offers single sign-on services to platforms across the internet. The threat actor used the toolkit to send victims SMS phishing messages that closely resembled Okta's authentication pages. Believing they were following normal security procedures, the victims entered their username, password, and multi-factor authentication code. Once entered, this information was silently forwarded to a Telegram account controlled by the cybercriminals.
The threat actor then used the stolen Okta credentials to gain access to the companies the victims worked for. The larger corporate ecosystems those firms belonged to then became the subject of more complex supply chain attacks, which exploited that network access to obtain company data.
Researchers from Group-IB think they have identified a potential source of the phishing campaign. Using Group-IB's own methods, researchers found Twitter and GitHub accounts that might be linked to a hacker involved in the campaign. The person goes by the username “X” and is known to participate in Telegram channels widely used by cybercriminals. The researchers have not yet disclosed the hacker's true identity. According to the researchers, a 22-year-old software developer with the same username, profile photo, and user ID appears on both profiles, and the GitHub account clearly indicates that the user is based in North Carolina.