Oktapus

Threat Actor Profile Updated 2 months ago
Oktapus (written 0ktapus in Group-IB's original reporting and also tracked as Scattered Spider) is a threat actor associated with several high-profile intrusions since 2022. The group, which is suspected of comprising multiple actors sharing one toolkit, has targeted organizations in the IT, software development and cloud services sectors, primarily in the United States. Its modus operandi is brand-impersonation phishing: employees receive SMS or other messages pointing at a look-alike login page for their identity provider and are tricked into entering credentials and one-time codes. Its first major campaign, in 2022, targeted employees of Okta customers and affected as many as 135 organizations, including Twilio and Cloudflare.

The group gained notoriety for its July 2022 attack on Cloudflare. Using an Okta-themed lure, the attackers tried to get Cloudflare employees to "reauthenticate" or update their account details on the phishing site. The attempt failed, not because the lure was unconvincing but because Cloudflare requires FIDO2-compliant hardware security keys for every login and fronts its applications with Cloudflare One: a security key's response is cryptographically bound to the origin that requested it, so credentials and one-time codes captured on a look-alike domain cannot complete authentication at the real identity provider. Twilio, which did not have that protection, confirmed that the same campaign gave the attackers access to 163 of its customers in August 2022.

Security researchers increasingly link Oktapus to other clusters. It is believed to have ties to AlphV (also known as BlackCat), the ransomware operation that claimed responsibility for the attack on MGM Resorts, and Oktapus itself is suspected of carrying out the intrusions at MGM Resorts and Caesars casino operations. The group's reliance on social engineering and credential theft rather than software exploits has caused significant concern within the security community and has driven both increased vigilance and the adoption of countermeasures, above all phishing-resistant MFA.
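The difference between the Twilio and Cloudflare outcomes above comes down to what the second factor is bound to. The following is an added illustration, not code from Cybergeist, Cloudflare, Okta or the threat actor: it models a real-time phishing relay and shows that an RFC 6238 TOTP code survives the relay while a WebAuthn assertion does not, because the browser fixes the origin and rpId in what the security key signs. The hostnames, seeds, challenge and the HMAC used as a stand-in for the key's ECDSA signature are all constructed for the example.

```python
"""Relayed TOTP versus relayed FIDO2/WebAuthn assertion (constructed model)."""
import base64
import hashlib
import hmac
import json
import struct
import time

# Constructed environment: the genuine IdP and the attacker's look-alike domain.
REAL_ORIGIN = "https://sso.example-corp.test"
REAL_RPID = "sso.example-corp.test"
PHISH_ORIGIN = "https://sso-example-corp.test"
PHISH_RPID = "sso-example-corp.test"

TOTP_SEED = b"constructed-totp-seed"
# Stand-in for the security key's private key: an HMAC secret replaces the
# ECDSA signature so the example stays standard-library only.
AUTHENTICATOR_SECRET = b"constructed-authenticator-secret"


def totp(seed: bytes, t: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with the RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(t // step))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def idp_verify_totp(submitted: str, t: float) -> bool:
    """The real IdP accepts a code from the current or the previous 30 s step."""
    return any(hmac.compare_digest(submitted, totp(TOTP_SEED, t - d)) for d in (0, 30))


def relay_totp_phish(t: float = None) -> bool:
    """Victim types the code into the phishing page; the attacker submits it to
    the real IdP five seconds later. Nothing in the code ties it to the origin."""
    t = time.time() if t is None else t
    victim_code = totp(TOTP_SEED, t)
    return idp_verify_totp(victim_code, t + 5)


def browser_get_assertion(page_origin: str, rp_id: str, challenge: bytes) -> dict:
    """Model of navigator.credentials.get(): the browser, not the page's script,
    writes the origin into clientDataJSON and only allows an rpId that is the
    page's own registrable domain. The key signs
    rpIdHash || flags || signCount || sha256(clientDataJSON)."""
    host = page_origin.split("://", 1)[1]
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError("SecurityError: rpId is not a suffix of the page origin")
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).decode().rstrip("="),
        "origin": page_origin,
    }, separators=(",", ":")).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(AUTHENTICATOR_SECRET, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify_assertion(assertion: dict, challenge: bytes) -> bool:
    """Abridged relying-party verification: type, origin, challenge and rpIdHash
    must all match the RP's own values before the signature is even checked."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("origin") != REAL_ORIGIN:
        return False
    if cd.get("challenge") != base64.urlsafe_b64encode(challenge).decode().rstrip("="):
        return False
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(REAL_RPID.encode()).digest():
        return False
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(AUTHENTICATOR_SECRET, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


CHALLENGE = b"constructed-challenge-0123456789"  # 32 bytes, fetched from the real IdP


def legitimate_webauthn_login() -> bool:
    return rp_verify_assertion(browser_get_assertion(REAL_ORIGIN, REAL_RPID, CHALLENGE), CHALLENGE)


def relay_webauthn_phish() -> bool:
    """Attacker forwards the real IdP's challenge to the phishing page and relays
    whatever the victim's key returns. The origin and rpIdHash give it away."""
    return rp_verify_assertion(browser_get_assertion(PHISH_ORIGIN, PHISH_RPID, CHALLENGE), CHALLENGE)


def phish_page_requests_real_rpid() -> bool:
    """The phishing page cannot simply ask for the real rpId: the browser refuses."""
    try:
        browser_get_assertion(PHISH_ORIGIN, REAL_RPID, CHALLENGE)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("relayed TOTP accepted:", relay_totp_phish())
    print("legitimate WebAuthn accepted:", legitimate_webauthn_login())
    print("relayed WebAuthn accepted:", relay_webauthn_phish())
    print("phish page may request real rpId:", phish_page_requests_real_rpid())
```

The model deliberately lets the attacker do everything Oktapus did in practice (relay the challenge in real time, submit within the TOTP window); the only things it cannot change are the values the browser and the authenticator fix on the victim's side, which is exactly why an origin-bound factor stops this class of phishing while a typed code does not.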
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Scattered Spider (2 votes): Scattered Spider is a prominent threat actor group known for its malicious cyber activities. Their modus operandi includes searching SharePoint repositories for information, seeking to maintain persistence on targeted networks, and exfiltrating data for extortion purposes. The group primarily uses p
UNC3944 (1 vote): UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor group that has been active since 2021. The group is known for its sophisticated cyberattacks, leveraging the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectu
Alphv (1 vote): AlphV, a notorious threat actor in the cybersecurity industry, has been responsible for numerous high-profile ransomware attacks. The group's activities include the theft of 5TB of data from Morrison Community Hospital and hacking Clarion, a global manufacturer of audio and video equipment for cars.
Scatter Swine (1 vote): Scatter Swine, also known by multiple names such as 0ktapus, Scattered Spider, UNC3944, and Muddled Libra, is a threat actor group that has been active since early 2022. The group first came to light in August 2022 when they executed smishing attacks against over 100 organizations, including Twilio
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Cloudflare
Mandiant
Ransomware
Reconnaissance
Okta
roundcube
Coinbase
MGM
Associated Malware
No associations to display
Associated Threat Actors
Lapsus (relationship type unspecified, 1 vote): Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor
Scattered Swine (relationship type unspecified, 1 vote): no description
Lapsus Group (relationship type unspecified, 1 vote): The Lapsus Group, identified as a threat actor originating from North Korea, has been involved in various cybercriminal activities, primarily focusing on cryptocurrency theft. This group is known for its use of sophisticated tools such as RedLine and QakBot, which have been instrumental in their ope
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Oktapus threat actor was read from the documents listed below (display limited to 20 results).
Source | Created | Title
CERT-EU | 4 months ago | Hackers target FCC, crypto firms in advanced Okta phishing attacks
DARKReading | 5 months ago | Teens Committing Scary Cybercrimes: What's Behind the Trend?
CERT-EU | 7 months ago | Okta admits hackers accessed data on all customers during recent breach
CERT-EU | 10 months ago | Scattered Spider traps 100+ victims in its web as it moves into ransomware (The Register)
DARKReading | 8 months ago | Scattered Spider Casino Hackers Evade Arrest in Plain Sight
CERT-EU | 8 months ago | 5,000 Okta employees' data accessed in a third-party breach
CERT-EU | 8 months ago | Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, More News and Jason Wood – SWN #338
DARKReading | a year ago | Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures
CERT-EU | 10 months ago | Biggest Lessons from the MGM Ransomware Attack
CERT-EU | a year ago | Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot
CERT-EU | 10 months ago | Scattered Spider managed MGM Resort Network Outage brings $8m loss daily (Cybersecurity Insiders)
CERT-EU | 10 months ago | SaaS Super Admins Targeted in Social Engineering Campaign
CERT-EU | 10 months ago | The MGM Cyberattack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?
DARKReading | a year ago | Coinbase Crypto Exchange Ensnared in 'Oktapus'-Related Smishing Attack
CERT-EU | a year ago | Introducing Cloudflare's 2023 phishing threats report (GIXtools)
CERT-EU | 10 months ago | More Okta customers trapped in Scattered Spider's web
CERT-EU | a year ago | Mandiant: Teenagers among 'most prevalent threat actors'
CERT-EU | a year ago | An August reading list about online security and 2023 attacks landscape (GIXtools)
CERT-EU | a year ago | 'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms