The 0ktapus phishing campaign is one of the best-executed security attacks of this scale to date. | Illustration by Alex Castro / The Verge

Over 130 organizations, including Twilio, DoorDash, and Signal, have been potentially compromised by hackers as part of a months-long phishing campaign nicknamed “0ktapus” by security researchers. Login credentials belonging to nearly 10,000 individuals were stolen by attackers who imitated the popular single sign-on service Okta, according to a report from cybersecurity outfit Group-IB.

Targets were sent text messages that redirected them to a phishing site. As the report from Group-IB states, “From the victim’s point of view, the phishing site looks quite convincing as it is very similar to the authentication page they are used to seeing.” Victims were asked for their username, password, and a two-factor authentication code. This…

Continue reading…


Leave a Reply

Your email address will not be published.