‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report • TechCrunch
The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch.
The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said this group is also known as “Roasted 0ktapus” in an apparent reference to the report published by Group-IB, another cybersecurity firm, last year.
Reports like the one obtained by TechCrunch are prepared by threat intelligence companies for their customers, with the idea of alerting them to hackers who are either targeting the customers directly, or other companies in the same sector. In the report, CrowdStrike notes that it has limited visibility into the hacking campaign given that it has no “extra forensic artifacts,” referring to data it obtained directly from targeted organizations. That’s why the company admits it has “low confidence” in its assessment that this is activity by Scattered Spider.
Two cybersecurity insiders, who asked to remain anonymous as they were not authorized to speak to the press, said that the understanding within the industry is that Scattered Spider is the same group as 0ktapus.
“Scattered Spider continued deploying numerous phishing pages in January 2023. CrowdStrike Intelligence assesses the adversary has likely expanded its target scope to include technology sector companies specializing in gaming or financial software, while maintaining a prior focus on business process outsourcing (BPO) companies and cellular providers,” read the report, which is not publicly available.
It’s unclear if this is the same group that hacked Riot Games last month, but in a list of phishing domains included in the CrowdStrike report, there’s one that was clearly made to target the video game giant given that it includes the name of the company in the URL.
Among the phishing domains, there are also others tailored to impersonate video game makers Roblox and Zynga; email marketing and newsletter giant Mailchimp and its parent company Intuit; Salesforce; Comcast; and Grubhub. TaskUs, a contractor that provides customer service for companies, including Mailchimp, Intuit and other tech giants, was also on the list.
In January, Mailchimp disclosed that it had been hacked, the second hack against the company in six months. At the time, Mailchimp said the hackers targeted its employees via phishing. It’s unclear if this incident is tied to the activities of Scattered Spider. Mailchimp did not respond to a request for comment.
Riot declined to comment.
Salesforce spokesperson Allen Tsai said that the company is “aware of and monitor phishing campaigns industry-wide.”
“Presently, we have no indication of unauthorized access to customer data related to the cited report,” Tsai said in an email.
An Intuit spokesperson did not comment as they had not seen the report.
Roblox, Zynga, TaskUs, Comcast, and Grubhub did not immediately respond to a request for comment.
The report said that “the majority” of the hacking group’s phishing pages were designed to mimic Okta login portals, “while a much smaller number impersonated Microsoft.”
CrowdStrike did not respond to a request for comment.
Are you a Google Fi subscriber that was also a victim of the same attack? Did you also get a personalized notification from the company about the hack against you? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email [email protected]. You can also contact TechCrunch via SecureDrop.