Over 130 Businesses, Including Signal and Twilio, are the Subject of a Phishing Attack

Over 130 Businesses, Including Signal and Twilio, are the Subject of a Phishing Attack

The attack, Oktopus, targeted more than 130 companies, attacked 169 unique domains, and stole 9,931 credentials.

A phishing campaign dubbed “Octopus” by security researchers has targeted more than 130 countries, including Twilio, DoorDash, and Cloudflare. The attackers stole the login credentials of nearly 10,000 people by mimicking Okta’s single sign-on service.



According to a report by the Group-IB cybersecurity group, the defendant used the service to defend other accounts of their victims. Signal warned its users about the defense on August 15, stating that 1,900 accounts had been hacked, while the data of 163 Twilio clients had been accessed in the attack.

The targets of the defense received redirected text messages from the phishing site that looked “pretty convincing because it looks a lot like the authentication page they used to see.” The site prompted users for a username, password, and two-factor authentication code to send to the attackers.

Roberto Martinez of Group-IB, analysis noted that the defense was amateurish and inexperienced as it was “poorly configured and the way it was developed provided the ability to extract stolen credentials for further analysis.”

However, the massive defense was able to target 169 unique domains and steal 9,931 login credentials since March 2022. The attackers also targeted major tech companies like Microsoft, T-Mobile, Verizon, Coinbase, and more.


The researchers said that “Seeing the financial companies on the hacked list gives us the idea that the defendants were also trying to steal funds. In addition, some of the targeted companies provide access to crypto assets and markets, while others are developing vehicles of investment”.

Read More News Updates Visit our Site InsightFello.

Related post

Leave a Reply

Your email address will not be published.