0ktapus

Threat Actor Profile Updated 3 months ago
0ktapus, also known as Scatter Swine, is a threat actor that first emerged in August 2022 and has been linked to smishing attacks against over 100 organizations, including Twilio and Cloudflare. The group's primary objective was to gain access to company mailing lists or customer-facing systems, with the aim of facilitating supply-chain attacks. The campaign was particularly successful, and its full scale may not be fully understood for some time. The initial strategy involved targeting telecommunications companies to gain access to potential targets' phone numbers.

The defining attack style of 0ktapus, termed Muddled Libra, came into focus in late 2022 with the release of the 0ktapus phishing kit. This kit provided a prebuilt hosting framework and bundled templates, making it an attractive tool for various cybercriminals. Palo Alto Networks Unit 42 theorized that the creators of the 0ktapus phishing kit might not possess the same advanced capabilities as Muddled Libra. While there are overlaps in tradecraft, no definitive connection between 0ktapus and UNC3944 has been established. The 0ktapus phishing kit has seen widespread adoption among other threat actors, even though using the kit alone does not necessarily classify a threat actor as what Unit 42 refers to as Muddled Libra.

The e-crime group's attacks typically begin with the use of smishing and the 0ktapus phishing kit to establish initial access, eventually leading to data theft and long-term persistence. Various aliases have been used to track this cluster of activity, including Roasted 0ktapus, Scattered Spider, and UNC3944.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Scattered Spider | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur
Scatter Swine | 1 | Scatter Swine, also known by multiple names such as 0ktapus, Scattered Spider, UNC3944, and Muddled Libra, is a threat actor group that has been active since early 2022. The group first came to light in August 2022 when they executed smishing attacks against over 100 organizations, including Twilio
Muddled Libra | 1 | Muddled Libra is a notable threat actor known for its sophisticated use of cloud services, particularly Amazon Web Services (AWS) and Microsoft Azure, to execute cyberattacks. The group leverages legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS, Muddled Libra t
UNC3944 | 1 | UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor that has been active since 2021. Initially targeting telecommunication firms and tech companies, the group has expanded its range to include hospitality, retail, media, and financial services sectors. The gr
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the 0ktapus Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering – GIXtools
CERT-EU | a year ago | Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
Threat Post | a year ago | Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms