{
	"id": "adcfa6e7-e527-45e6-ae0f-6c85910e7b2d",
	"created_at": "2026-04-06T00:12:24.098923Z",
	"updated_at": "2026-04-10T03:26:41.492583Z",
	"deleted_at": null,
	"sha1_hash": "44f4002088f5124bfd974c8ea8eb594254e57961",
	"title": "Oktapus Phishing Campaign Targets Okta Identity Credentials",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 104271,
	"plain_text": "Oktapus Phishing Campaign Targets Okta Identity Credentials\r\nBy Alok Patidar\r\nPublished: 2022-09-08 · Archived: 2026-04-02 12:07:29 UTC\r\nIntroduction\r\nThough we often hear news about cyberattacks or identity thefts, big brands falling victim to these cyberattacks is\r\nquite rare.\r\nA similar incident happened recently where cybersecurity researchers revealed the latest phishing campaign that\r\ntargeted identity and access management giant Okta.\r\nThe phishing campaign, Oktapus, targeted many renowned companies that also became victims of various\r\nphishing attempts.\r\nAs per the experts, the cybercriminals sent text messages to the company's employees with a link to the phishing\r\nsites mimicking the Okta authentication page for their website.\r\nMoreover, the report revealed that once the users landed on the phishing page, they were asked for a 2FA code.\r\nAnd once the user entered their credentials to log in, their credentials were forwarded to the malicious actors that\r\nstarted the attack.\r\nGroup-IB, the company that conducted the analysis, also confirmed that once the cybercriminals could pivot and\r\nlaunch various attacks, including supply chain attacks. And this was a clear indicator that these attacks were\r\ncarefully planned and executed.\r\nAs per the report, 169 unique domains were identified involved in the Oktapus phishing campaign. And Group-IB\r\nanalyzed the resources used by fraudsters to create fake websites.\r\nFurthermore, the targetted organization were majorly from the U.S., followed by the U.K. and Canada. Most of\r\nthem were I.T. companies offering cloud and software development services, and few were dealing with finance-related work.\r\nThe incident portrays the importance of proper cybersecurity training for employees and customers since various\r\ncybersecurity best practices are useless if the end-user isn’t aware of the risks.\r\nAs per Group-IB, the end users, especially with admin rights, must always double-check the URL of a website\r\nwhere they share their login credentials to ensure maximum security. Moreover, the company officials also\r\nadvised businesses to invoke the true potential of a FIDO2-compliant security key for MFA.\r\nAlso, businesses must identify various loopholes that can help cybercriminals to exploit crucial information about\r\ncustomers and companies. Once the loopholes are identified, the best security practices must be implemented\r\nsoon.\r\nhttps://www.loginradius.com/blog/identity/oktapus-phishing-targets-okta-identity-credentials/\r\nPage 1 of 2\n\nHowever, brands need to focus on educating their employees, IT staff, and end users to ensure they’re well-prepared for any cybersecurity challenge and can quickly identify phishing attempts.\r\nThe right combination of cybersecurity best practices and employee/customer awareness works flawlessly in\r\nmitigating the risks associated with data breaches and identity thefts.\r\nLooking for an Okta alternative? Learn more about the highest rated, most secure CIAM technology in the world.\r\nSource: https://www.loginradius.com/blog/identity/oktapus-phishing-targets-okta-identity-credentials/\r\nhttps://www.loginradius.com/blog/identity/oktapus-phishing-targets-okta-identity-credentials/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.loginradius.com/blog/identity/oktapus-phishing-targets-okta-identity-credentials/"
	],
	"report_names": [
		"oktapus-phishing-targets-okta-identity-credentials"
	],
	"threat_actors": [
		{
			"id": "c3b908de-3dd1-4e5d-ba24-5af8217371f0",
			"created_at": "2023-10-03T02:00:08.510742Z",
			"updated_at": "2026-04-10T02:00:03.374705Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"UNC3944",
				"Scattered Swine",
				"Octo Tempest",
				"DEV-0971",
				"Starfraud",
				"Muddled Libra",
				"Oktapus",
				"Scatter Swine",
				"0ktapus",
				"Storm-0971"
			],
			"source_name": "MISPGALAXY:Scattered Spider",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434344,
	"ts_updated_at": 1775791601,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/44f4002088f5124bfd974c8ea8eb594254e57961.pdf",
		"text": "https://archive.orkl.eu/44f4002088f5124bfd974c8ea8eb594254e57961.txt",
		"img": "https://archive.orkl.eu/44f4002088f5124bfd974c8ea8eb594254e57961.jpg"
	}
}