High-profile summer attacks linked to same aggressive ransomware group


The threat group behind some of the most high-profile, identity-based cyberattacks this year is also “one of the most dangerous financial criminal groups” currently in operation, Microsoft researchers said in a Wednesday report.

The group, which Microsoft identifies as Octo Tempest and other researchers identify as Oktapus, Scattered Spider and UNC3944, uses multiple forms of social engineering to gain access to organizations’ infrastructure, steal corporate data and extort victims for ransom payments, according to Microsoft Threat Intelligence.

The collection of young, native English-speaking threat actors, which was initially observed in 2022 and became affiliated with the ransomware-as-a-service operation ALPHV, also known as BlackCat, in mid-2023, has claimed responsibility for major attacks against MGM Resorts, Caesars Entertainment and Clorox in the past few months.

Microsoft researchers said similar social-engineering techniques resulted in attacks against four Okta customers’ environments in late July and August.

While those attacks targeted Okta customers directly for the initial point of intrusion, a more recent string of attacks against Okta customer environments occurred when a threat actor used a stolen credential for Okta’s support case management system to view files customers had uploaded to support cases, including HTTP Archive (HAR) files containing session tokens. Customers affected include BeyondTrust, Cloudflare and 1Password.
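A practical control that follows from the Okta support-system incident is to strip session material out of any diagnostic upload before it leaves the organization. The following is an added example, not code from Microsoft’s report, from Okta or from any of the named customers: it scrubs sensitive headers and cookies from a HAR file and then checks that no JWT-shaped strings remain anywhere in the document (query strings and POST bodies included). The HAR content, the header list and the cookie-name hints are constructed assumptions and should be adjusted to the identity provider and applications in use.

```python
"""Redact session material from a HAR file before sharing it with a vendor.

Added example; not code from Microsoft, Okta or the customers named above.
The HAR content below is constructed for illustration. Assumptions: the
support workflow accepts HAR uploads, and SENSITIVE_HEADERS plus
SENSITIVE_COOKIE_HINTS cover the names your IdP and applications use.
"""
import copy
import json
import re

# Header names whose values carry credentials or session state.
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
}
# Substrings that mark a cookie as session-bearing (assumed; extend as needed).
SENSITIVE_COOKIE_HINTS = ("session", "sid", "token", "auth", "jwt")
REDACTED = "[REDACTED]"
# Three base64url segments starting with "eyJ" ({"...): the usual JWT shape.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

# Constructed sample: one request/response pair as a browser would record it.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "url": "https://example.okta.com/api/v1/users/me",
                    "headers": [
                        {"name": "Host", "value": "example.okta.com"},
                        {"name": "Cookie", "value": "sid=102abcDEF; DT=xyz"},
                        {"name": "Authorization",
                         "value": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2ln"},
                    ],
                    "cookies": [
                        {"name": "sid", "value": "102abcDEF"},
                        {"name": "DT", "value": "xyz"},
                    ],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=102abcDEF; Secure; HttpOnly"},
                    ],
                    "cookies": [{"name": "sid", "value": "102abcDEF"}],
                },
            }
        ],
    }
}


def _cookie_is_sensitive(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SENSITIVE_COOKIE_HINTS)


def _redact_headers(headers):
    """Blank the value of every header whose name is in SENSITIVE_HEADERS."""
    count = 0
    for header in headers:
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            count += 1
    return count


def _redact_cookies(cookies):
    """Blank the value of every cookie whose name looks session-bearing."""
    count = 0
    for cookie in cookies:
        if _cookie_is_sensitive(cookie.get("name", "")):
            cookie["value"] = REDACTED
            count += 1
    return count


def scrub_har(har):
    """Return (scrubbed copy, number of values redacted); input is left untouched."""
    clean = copy.deepcopy(har)
    count = 0
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            part = entry.get(side, {})
            count += _redact_headers(part.get("headers", []))
            count += _redact_cookies(part.get("cookies", []))
    return clean, count


def remaining_tokens(har):
    """JWT-shaped strings still present anywhere in the serialized HAR.

    This catches tokens in URLs or POST bodies that the header/cookie pass
    does not touch; a non-empty result means the file is not safe to upload.
    """
    return JWT_RE.findall(json.dumps(har))


if __name__ == "__main__":
    scrubbed, n = scrub_har(SAMPLE_HAR)
    print(f"redacted {n} values; tokens left: {remaining_tokens(scrubbed)}")
```

The second pass matters more than the first: a redaction list is only as good as the names on it, so the final check is on the shape of the data rather than on where it was expected to appear. Anything `remaining_tokens` still finds should be redacted by hand before the file is attached to a support case.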

The report also pointed to the group’s recent focus on VMware ESXi servers: virtualization infrastructure that typically runs without endpoint security tooling and that has been hit by a spree of attacks this year.

The threat actors are responsible for wide-ranging campaigns using adversary-in-the-middle (AiTM) techniques, social engineering and SIM swapping. Industries most recently targeted for extortion include gaming, hospitality, technology, financial services, managed service providers and manufacturing, according to Microsoft.

“The well-organized, prolific nature of Octo Tempest’s attacks is indicative of extensive technical depth and multiple hands-on-keyboard operators,” Microsoft Threat Intelligence said in the report.

Microsoft joins other threat researchers in describing the group as prevalent, highly…