ScatterSwine, UNC3944 (Mandiant), Octo Tempest (MSFT), Storm-0875 (MSFT), Scattered Spider, Muddled Libra (Unit42), LUCR-3 (Permiso)
The 0ktapus cyber group, also known by aliases such as ScatterSwine, UNC3944, Scattered Spider, and Muddled Libra, is a cybercrime group known for its phishing campaigns and credential theft operations. The group gained particular notoriety for targeting organizations primarily in the United States across various sectors, aiming to steal credentials that could grant them access to victim networks and resources. Their tactics often involve the use of SMS phishing (smishing) and voice phishing (vishing) to deceive employees into revealing their login details, particularly focusing on circumventing multi-factor authentication mechanisms.
One of their most significant campaigns involved attempting to compromise the Okta identity and access management services used by companies to manage user authentication and access permissions. By gaining access to such systems, the group could potentially have wide-ranging access to multiple platforms and sensitive data belonging to the compromised organization.