0ktapus

Threat Actor updated 6 months ago (2024-05-04T17:36:33.575Z)
Download STIX
Preview STIX
0ktapus, also known as Scatter Swine, is a threat actor that first emerged in August 2022 and has been linked to smishing attacks against over 100 organizations, including Twilio and Cloudflare. The group's primary objective was to gain access to company mailing lists or customer-facing systems, with the aim of facilitating supply-chain attacks. The campaign was particularly successful, and its full scale may not be fully understood for some time. The initial strategy involved targeting telecommunications companies to gain access to potential targets' phone numbers. The defining attack style of 0ktapus, termed Muddled Libra, came into focus in late 2022 with the release of the 0ktapus phishing kit. This kit provided a prebuilt hosting framework and bundled templates, making it an attractive tool for various cybercriminals. Palo Alto Networks Unit 42 theorized that the creators of the 0ktapus phishing kit might not possess the same advanced capabilities as Muddled Libra. While there are overlaps in tradecraft, no definitive connection between 0ktapus and UNC3944 has been established. The 0ktapus phishing kit has seen widespread adoption among other threat actors, even though using the kit alone does not necessarily classify a threat actor as what Unit 42 refers to as Muddled Libra. The e-crime group's attacks typically begin with the use of smishing and the 0ktapus phishing kit to establish initial access, eventually leading to data theft and long-term persistence. Various aliases have been used to track this cluster of activity, including Roasted 0ktapus, Scattered Spider, and UNC3944.
Description last updated: 2023-10-11T01:33:47.075Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the 0ktapus Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more