Sequretek Advisory - The 0ktapus Phishing Campaign

A recent spike in smishing (SMS phishing) shows attackers using text messages to steal remote access credentials and one-time passcodes from employees.

• Security researchers at Group-IB recently investigated a unique phishing campaign, remarkable for using a fairly low-end technique to cause large-scale damage. The affected organizations included some well-known providers of identification services. The attackers then leveraged the stolen credentials to quickly target the organizations at the end of this supply chain.

• The fact that many of these organizations use Okta’s Identity and Access Management services to provide secure access led the researchers to name this campaign 0ktapus.

• The widespread use of mobile phones to manage remote employees throughout the coronavirus pandemic has become a liability for organizations that use them for phishable forms of multi-factor authentication, such as one-time codes generated by a mobile app or delivered via SMS.

• This type of data extraction is now being automated on a massive scale, and a compromise of employee authentication can quickly lead to security and privacy risks for the employer’s partners or for anyone in its supply chain.

