Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.
The news comes from research conducted by cybersecurity firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.
“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations,” researchers wrote in their blog Thursday. “Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”
How the Hacking Campaign Worked
Unfortunately, this isn’t a wholly unfamiliar story. It’s been a pretty tough couple of years for corporate cybersecurity, tough enough to inspire the question: do blue-chip tech companies just totally suck at protecting themselves, or do hackers keep getting lucky, or both? While we can’t say for certain either way, what is clear is that the “0ktapus” campaign, like a lot of other recent hacking episodes, was remarkably successful at compromising a broad array of corporate networks using elementary intrusion techniques.
Researchers say that the hackers used a pretty standard tool, a phishing toolkit, to target employees of the companies that they wanted to breach. Such kits are prepackaged hacking tools that can be purchased—usually for pretty low prices—on the dark web. In this case, the hackers first went after companies that were users of