Twilio reveals another June security incident | Security Affairs

Twilio suffered another brief security incident in June 2022; the attack was carried out by the same threat actor behind the August hack.

Communications company Twilio said it suffered another ‘brief security incident’ on June 29, 2022. The attack was carried out by the same threat actor that compromised the company in August and gained access to customer and employee information.

“Our investigation also led us to conclude that the same malicious actors were likely responsible for a brief security incident that occurred on June 29, 2022. During the June incident, a Twilio employee was socially manipulated via voice phishing (or “vishing”) to provide their credentials, and the malicious actor was able to gain access to the contact information of a limited number of customers,” reads the update to the incident report provided by the company. “The threat actor’s access was identified and eradicated within 12 hours.”

In June, threat actors obtained the credentials of a Twilio employee via a ‘vishing’ attack and then used them to access contact information for a limited number of customers. The company previously notified affected customers on July 2, 2022, at which time the exact number of affected customers was not disclosed.

Unauthorized access was identified and thwarted within 12 hours.

In late August, security firm Group-IB revealed that the threat actors behind the attacks on Twilio and Cloudflare were linked to a large-scale phishing campaign targeting 136 organisations. Most of the victims are organizations providing IT, software development and cloud services.

The campaign, codenamed 0ktapus, succeeded in compromising 9,931 accounts (3,120 compromised user IDs with email).

The threat actors behind the 0ktapus campaign aimed to obtain Okta credentials and two-factor authentication (2FA) codes from users of targeted organizations. Attackers could then gain unauthorized access to all company resources using this information.

Experts pointed out that despite using low-skilled methods, threat actors were able to compromise a large number of well-known organizations. Group-IB assumes the attack was carefully planned in advance, because once attackers compromised an organization, they were able to quickly pivot and launch subsequent supply chain attacks.

Threat actors targeted employees of companies that are customers of IAM leader Okta. The attack chain began with text messages sent to victims containing links to phishing sites that mimicked the Okta authentication page of their respective organizations.

Pierluigi Paganini
