When Oktapuses Attack

Share This Post

Group-IB, a Singapore based security and threat research company, identified a multiphase smishing (I really hate that word) campaign complete with MFA capture. The campaign netted (see what I did there?) nearly 10,000 credentials spread across 130 organizations.  Based on their research, the companies targeted were primarily US based with a heavy emphasis on software development, telecommunications, business services, and financial organizations.  Some of the big-name companies which were confirmed compromised include Twilio, Cloudflare, Klaviyo, MailChimp, and Signal.  Based on the creation times of identified malicious domains, Group-IB demonstrates that the initial round of phishing appears to have started with the teleco providers, but also focused on organizations that could further provide opportunities for future supply chain attacks or confidential data that could be exfiltrated and sold.  Based on the technical report from Group-IB, one of the parties responsible is likely already known by law enforcement and may find himself in a holding tank soon (because phish). 

Recommendations:

  1. Train your end users to be paranoid.

TLDR version: https://www.group-ib.com/media/0ktapus-campaign/

Technical Report with IOCs: https://blog.group-ib.com/0ktapus



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.