Type
Incident
Actors
Pub. date
August 8, 2022
Initial access
End-user compromise
Impact
Supply chain attack
Observed techniques
References
https://sec.okta.com/scatterswine
https://www.group-ib.com/blog/0ktapus/
https://www.twilio.com/blog/august-2022-social-engineering-attack
https://support.signal.org/hc/en-us/articles/4850133017242
https://blog.cloudflare.com/2022-07-sms-phishing-attacks/
https://mailchimp.com/august-2022-security-incident/
https://doordash.news/get-the-facts/how-were-responding-to-a-third-party-vendor-phishing-incident/
https://www.digitalocean.com/blog/digitalocean-response-to-mailchimp-security-incident
https://techcrunch.com/2023/02/02/0ktapus-hackers-are-back-and-targeting-tech-and-gaming-companies-says-leaked-report/
Status
Finalized
Last edited
Jun 2, 2024 11:58 AM
A threat actor dubbed “Oktapus” / “ScatterSwine” conducted a widespread smishing (SMS phishing) campaign against 136 organizations and, in some cases (such as Mailchimp, DoorDash and DigitalOcean), succeeded in gaining initial access to their systems and exfiltrating customer data. One of the successfully targeted companies was Twilio, where the attackers gained access to a customer support console. This allowed them to collect 2FA codes belonging to customers of companies using Twilio’s 2FA service, which in turn enabled the threat actor to retrieve data related to customers of 163 such organizations, including Okta and Signal.