Are Tech, Gaming Companies Back To ‘0ktapus’ Nightmares?

Recently, tech and gaming organisations faced a harrowing experience of '0ktapus' hackers known for sprawling phishing campaigns that spoofed multi-factor authentication systems used by these organizations.

As of last year, the hackers reportedly hit more than 130 organisations, stealing the credentials of almost 10,000 employees in the process, while still targeting several other tech and video game companies. 

According to a report prepared by cybersecurity firm, CrowdStrike, these hackers are identified as “Scattered Spider”. 

In another report publicly made available, CrowdStrike described this group as “Roasted 0ktapus” while clearly referencing another publication by Group-IB, another cybersecurity firm, last year.

Based on anonymous comments from two cybersecurity insiders, the understanding within the industry is that Scattered Spider is the same group as 0ktapus.

In another unpublished report, “Scattered Spider continued deploying numerous phishing pages in January 2023. CrowdStrike Intelligence assesses the adversary has likely expanded its target scope to include technology sector companies specializing in gaming or financial software while maintaining a prior focus on business process outsourcing (BPO) companies and cellular providers.”

Presently, we cannot readily link last month's hack of Riot Games to this same group.  

However, in a list of phishing domains that CrowdStrike included in their report, one of them clearly targeted the video game giant such that the company's name is included in the URL.

Other phishing domains are tailored toward impersonating video game makers Roblox and Zynga, email marketing, and newsletter giant Mailchimp and its parent company Intuit, Salesforce, Comcast, and Grubhub. 

Even TaskUs, a contractor that provides customer service for companies, including Mailchimp, Intuit, and other tech giants, was also on the list.

Recently, Mailchimp disclosed that it had been hacked.

This is the second hack against the company in six months during which the company admitted the hackers targeted its employees via phishing.