The recent attack on Twilio appears to be part of a much larger hacking operation. More than 130 other companies were affected.
According to Group-IB, the login credentials and sensitive information of approximately 10,000 employees were captured in a large-scale hacking operation. Organizations that use Okta for single sign-on were targeted in particular.
The attacks on the companies affected started with phishing. Both employees’ login details and the required two-factor authentication details were stolen. This made it easier to compromise systems.
The hackers used various images, fonts and scripts, many of which are linked to popular phishing kits. The phishing kit in question also used a legitimate image that’s normally used for Okta authentication.
Multiple sectors attacked
Group-IB points out that the operation probably affected multiple companies because phone numbers were captured in early attacks on telecom organizations such as operators. The captured phone numbers may have been used to launch other attacks, similar to supply chain attacks. Other victims included IT companies, financial institutions and gaming developers. Companies in the United States and Canada were frequent targets.