Okta, a leading identity and access management platform, has issued a warning about an increase in sophisticated phishing attacks targeting its customers by impersonating the company’s support team.
These attacks are part of a broader campaign that has already affected several organizations, including the Federal Communications Commission (FCC) and various cryptocurrency platforms.
The attackers employ advanced social engineering techniques, creating fake Okta single sign-on (SSO) pages to harvest confidential information and multi-factor authentication (MFA) tokens.
The campaign primarily targets hundreds of users in the United States, focusing on stealing photo IDs and password reset URLs.
In response to these threats, Okta has clarified its official communication channels.
Legitimate Okta support emails will only come from [email protected] or [email protected], while system notifications are sent from [email protected] or [email protected]. Okta uses the shortcode 893-61 for SMS communications in the US.
The company emphasizes that its support team will never request passwords or MFA tokens during customer interactions.
Okta Support follows a strict validation process for authorized representatives through phone and email channels when providing technical assistance.
Security researchers have noted similarities between these attacks and the 2022 Oktapus campaign conducted by the Scattered Spider hacker group.
The current attacks utilize sophisticated techniques, including:
- Real-time communication with victims through a specialized phishing kit
- Use of CAPTCHA challenges to avoid automated detection
- Precise replication of Okta’s legitimate login interface
- Custom-tailored phishing websites using victim phone numbers
The attackers initially hosted their infrastructure on Hostwinds and Hostinger before moving to RetnNet, a Russia-based hosting provider, potentially to extend the longevity of their malicious websites.
Patrick Tiquet, Vice President of Security and Architecture at Keeper Security, stresses the crucial role of multi-factor authentication in preventing such attacks, describing it as an essential second layer of defense against phishing attempts.
Organizations using Okta are advised to implement robust security measures, including user education and regular security posture assessments.
In the event of suspicious contact claiming to be from Okta, customers should immediately report the incident to Okta’s security team.