Oktapus

Threat Actor updated a year ago (2024-11-29T14:44:42.670Z)

Download STIX

Preview STIX

Oktapus, a threat actor also known as Scattered Spider, Scatter Swine, and Muddled Libra, has been identified as a significant cybersecurity risk due to its sophisticated phishing campaigns. The group first gained notoriety in 2022 when it launched the Oktapus phishing campaign, targeting employees of Okta customers, including IT, software development, and cloud services providers based in the US. The campaign resulted in unauthorized access to 163 Twilio customers, including Okta itself. The group is also linked to the audacious breaches of MGM Resorts and Caesars casino operations last fall, with security researchers suggesting that Oktapus may be working in conjunction with another threat group, AlphV, also known as BlackCat. In July 2022, Cloudflare employees were directly targeted by an Oktapus phishing attack, which used brand impersonation techniques to trick employees into reauthenticating their identities or updating account information. However, the attack was successfully thwarted by Cloudflare One, a suite of products designed to enhance cybersecurity, along with the use of physical security keys. This incident underscores the importance of robust cybersecurity measures and the effectiveness of a Zero Trust approach in mitigating such threats. Despite these setbacks, Oktapus continues to pose a significant threat to organizations worldwide. It has been associated with RansomHub, a ransomware-as-a-service (RaaS) offering that is becoming increasingly popular among threat actors. Furthermore, a phishing operation discovered by Lookout researchers in 2024 bore similarities to the 2022 Oktapus campaign, suggesting that the group's tactics continue to influence cybercriminal activities. As such, organizations are urged to remain vigilant and adopt robust cybersecurity measures to protect against such threats.

Description last updated: 2024-07-17T00:17:07.733Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Scattered Spider is a possible alias for Oktapus. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Phishing

Cloudflare

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Lapsus Threat Actor is associated with Oktapus. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	2

Source Document References

Information about the Oktapus Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	a year ago	Will Arrests Squash Scattered Spider's Cybercrime Assault?
Krebs on Security	a year ago	Feds Charge Five Men in ‘Scattered Spider’ Roundup
DARKReading	a year ago	Microsoft: Scattered Spider Widens Web With RansomHub & Qilin
CERT-EU	2 years ago	Hackers target FCC, crypto firms in advanced Okta phishing attacks
DARKReading	2 years ago	Teens Committing Scary Cybercrimes: What's Behind the Trend?
CERT-EU	2 years ago	Okta admits hackers accessed data on all customers during recent breach \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Scattered Spider traps 100+ victims in its web as it moves into ransomware • The Register \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	2 years ago	Scattered Spider Casino Hackers Evade Arrest in Plain Sight
DARKReading	2 years ago	Scattered Spider Casino Hackers Evade Arrest in Plain Sight
CERT-EU	2 years ago	5,000 Okta employees' data accessed in a third-party breach
CERT-EU	2 years ago	Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, More News and Jason Wood – SWN #338
DARKReading	3 years ago	Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures
CERT-EU	2 years ago	Biggest Lessons from the MGM Ransomware Attack \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	2 years ago	Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot
CERT-EU	2 years ago	Scattered Spider managed MGM Resort Network Outage brings $8m loss daily - Cybersecurity Insiders
CERT-EU	2 years ago	SaaS Super Admins Targeted in Social Engineering Campaign
CERT-EU	2 years ago	The MGM Cyberattack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?
DARKReading	3 years ago	Coinbase Crypto Exchange Ensnared in 'Oktapus'-Related Smishing Attack
CERT-EU	2 years ago	Introducing Cloudflare's 2023 phishing threats report – GIXtools
CERT-EU	2 years ago	More Okta customers trapped in Scattered Spider's web