The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch.
The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said this group is also known as “Roasted 0ktapus” in an apparent reference to the report published by Group-IB, another cybersecurity firm, last year.
Reports like the one obtained by TechCrunch are prepared by threat intelligence companies for their customers, with the idea of alerting them to hackers who are either targeting the customers directly, or other companies in the same sector. In the report, CrowdStrike notes that it has limited visibility into the hacking campaign given that it has no “additional forensic artifacts,” referring to data it obtained directly from targeted organizations. That’s why the company admits it has “low confidence” in its assessment that this is activity by Scattered Spider.
Two cybersecurity insiders, who asked to remain anonymous as they were not authorized to speak to the press, said that the understanding within the industry is that Scattered Spider is the same group as 0ktapus.
“Scattered Spider continued deploying numerous phishing pages in January 2023. CrowdStrike Intelligence assesses the adversary has likely expanded its target scope to include technology sector companies specializing in gaming or financial software, while maintaining a prior focus on business process outsourcing (BPO) companies and cellular providers,” read the report, which is not publicly available.
It’s unclear if this is the same group that hacked Riot Games last month, but in a list of phishing domains included in the CrowdStrike report, there’s one that was clearly made to target the video game giant given that it includes the name of the company in the URL.
Among the phishing domains, there’s also others tailored to impersonate video game makers Roblox and Zynga, email marketing and newsletter giant Mailchimp and its parent company Intuit, Salesforce, Comcast, and Grubhub. TaskUs, a contractor that provides customer service for companies, including Mailchimp, Intuit and other tech giants, was also on the list.
In January, Mailchimp disclosed that it had been hacked — the second hack against the company in six months. At the time, Mailchimp said the hackers targeted its employees via phishing. It’s unclear if this incident is tied to the activities of Scattered Spider. Mailchimp did not respond to a request for comment.
Riot declined to comment.
Salesforce spokesperson Allen Tsai said that the company is “aware of and monitor phishing campaigns industry-wide.”
“At this time, we have no indication of unauthorized access to customer data relevant to the cited report,” Tsai said in an email.
An Intuit spokesperson did not comment as they had not seen the report.
Roblox, Zynga, TaskUs, Comcast and Grubhub did not immediately respond to a request for comment.
The report said that “the majority” of the hacking group’s phishing pages were designed to mimic Okta login portals, “while a much smaller number impersonated Microsoft.”
CrowdStrike did not respond to a request for comment.
The LockBit ransomware gang has published what it claims is the full transcript of its negotiations with Royal Mail, which continues to experience disruption due to last month’s cyberattack. The chat logs negotiating the ransom is the first data that LockBit has published following the cyberattack on Royal Mail, which left the British postal service unable to dispatch […]
CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company’s systems. The San Francisco–headquartered DevOps company said in an advisory published late Wednesday that it is currently investigating the security incident — its most recent in recent years. “We wanted to make you […]
The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday. The apparent hack comes days after Wired reported that an app developed by the company, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed personal information of […]
Leave a Reply