0ktapus

Threat Actor Profile Updated 13 days ago
0ktapus, also known as Scatter Swine, is a threat actor that first emerged in August 2022 and has been linked to smishing attacks against over 100 organizations, including Twilio and Cloudflare. The group's primary objective was to gain access to company mailing lists or customer-facing systems, with the aim of facilitating supply-chain attacks. The campaign was particularly successful, and its full scale may not be understood for some time. The initial strategy involved targeting telecommunications companies to gain access to potential targets' phone numbers.

The defining attack style of 0ktapus, termed Muddled Libra, came into focus in late 2022 with the release of the 0ktapus phishing kit. This kit provided a prebuilt hosting framework and bundled templates, making it an attractive tool for various cybercriminals. Palo Alto Networks Unit 42 theorized that the creators of the 0ktapus phishing kit might not possess the same advanced capabilities as Muddled Libra. While there are overlaps in tradecraft, no definitive connection between 0ktapus and UNC3944 has been established. The 0ktapus phishing kit has seen widespread adoption among other threat actors, even though using the kit alone does not necessarily classify a threat actor as what Unit 42 refers to as Muddled Libra.

The e-crime group's attacks typically begin with the use of smishing and the 0ktapus phishing kit to establish initial access, eventually leading to data theft and long-term persistence. Various aliases have been used to track this cluster of activity, including Roasted 0ktapus, Scattered Spider, and UNC3944.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the 0ktapus Threat Actor was read from the documents corpus below.
Source | Created At | Title
Threat Post | a year ago | Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
CERT-EU | a year ago | Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
CERT-EU | a year ago | Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering – GIXtools