okta hackers behind twilio and cloudfare breach hit over 130 organisations


The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts.

Twilio And Cloudfare

Okta Hackers

The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations."

At least 169 unique phishing domains are said to have been set up for this purpose, with victim organizations primarily located in the U.S. (114), India (4), Canada (3), France (2), Sweden (2), and Australia (1), among others. These websites were united by the fact that they made use of a previously undocumented phishing kit.

A majority of the affected organizations are software companies, followed by those belonging to telecom, business services, finance, education, retail, and logistics sectors. Some of the other confirmed victims besides Twilio and Cloudflare are Klaviyo and MailChimp.



Phishing Campaign

While the threat actor may have been lucky in their attacks it is far more likely that they carefully planned their phishing campaign to launch sophisticated supply chain attacks," Group-IB analyst Roberto Martinez said.

Visit for Latest  News

Become Cyber Security Expert from Craw Security Institute 

Craw Security

Contact us:  951 380 5401