Hacker ‘0ktapus’ is back and targeting tech and game companies, leaked report says (TechCrunch)

As reported by TechCrunch, hackers who hit more than 130 organizations last year and stole the credentials of nearly 10,000 employees are still targeting a number of tech and video game companies.

The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider”. In a previous public report, the company says the group is also known as “Roasted 0ktapus”, in an explicit reference to a report published by Group-IB, another cybersecurity company, last year.

Reports like the one obtained by TechCrunch are prepared by threat intelligence companies for their customers, with the idea of alerting them to hackers who are targeting them directly or other companies in the same field. In the report, CrowdStrike notes that it has limited visibility into the hacking campaign because it has no “additional forensic artifacts,” referring to data obtained directly from the organizations targeted by the hack. That’s why the company admits it has “low confidence” in its assessment that this is a Scattered Spider operation.

Two cybersecurity insiders, who requested anonymity because they were not authorized to speak to the press, said the industry understanding is that Scattered Spider is on the same team as 0ktapus.

“Scattered Spider continued to deploy multiple phishing sites in January 2023. CrowdStrike Intelligence assesses the competitor has likely expanded its target range to include gaming tech companies or financial software, while maintaining the previous focus on business process outsourcing (BPO) companies and mobile vendors,” read the report, which is not publicly available.

It is not clear whether this is the same group that hacked Riot Games last month, but in the list of phishing domains included in the CrowdStrike report, there is one that was clearly created to target the video game giant because it includes the company’s name in the URL.

Among the phishing domains, there are also others adapted to impersonate the video game makers Roblox and Zynga; email marketing and newsletter giant Mailchimp and its parent company Intuit; Salesforce; Comcast; and Grubhub. TaskUs, a contractor that provides customer service to companies including Mailchimp, Intuit and other tech giants, is also on the list.

In January, Mailchimp revealed that it was hacked, the second hack against the company in six months. At the time, Mailchimp said hackers were targeting its employees through phishing. It’s unclear if this incident is related to Scattered Spider’s activity. Mailchimp did not respond to a request for comment.

Riot declined to comment.

Salesforce spokesman Allen Tsai said that the company “knows and monitors phishing campaigns across the industry”.

“At this time, we have no indication of unauthorized access to customer data in connection with the cited report,” Tsai said in an email.

An Intuit spokesperson did not comment because they had not seen the report.

Roblox, Zynga, TaskUs, Comcast and Grubhub did not immediately respond to a request for comment.

The report says “the vast majority” of the hacking group’s phishing pages are designed to mimic Okta login portals, “while a much smaller number impersonating Microsoft”.

CrowdStrike did not respond to a request for comment.

Are you a Google Fi subscriber who was also the victim of a similar attack? Did you also receive a personal notice from the company about the hack against you? We would love to hear from you. You can safely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
