Hackers who reportedly attacked more than 130 organizations and stole the credentials of about 10,000 employees last year continue to target several technology and video game companies, according to a report obtained by TechCrunch.
The report, produced by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” The company said in a previously published report that the group is also known as “Roasted 0ktapus,” apparently referencing a report published last year by Group-IB, another cybersecurity firm.
Reports like the one obtained by TechCrunch are produced by threat intelligence firms for their customers, with the idea of alerting them to hackers who are directly targeting them, or other companies in the same sector. In the report, CrowdStrike said the lack of “additional forensic artifacts” limited its visibility into the hacking campaign, citing data obtained directly from the targeted organizations. As such, the company acknowledges that it has “low confidence” in its assessment that this is Scattered Spider activity.
Two cybersecurity officials, who requested anonymity because they are not authorized to speak to the press, said that the industry understanding is that Scattered Spider is the same group as 0ktapus.
“Scattered Spider continued to deploy a number of phishing pages in January 2023. CrowdStrike Intelligence found that the attackers remained focused on business process outsourcing (BPO) companies and mobile phones, while targeting games or financial software. We assess that the attackers likely expanded their scope to include companies in specialized technology sectors,” read the report, which is not available to the public.
It’s unclear if this is the same group that hacked Riot Games last month, but the list of phishing domains included in the CrowdStrike report includes one made to target the video game giant.
Some phishing domains are tailored to impersonate video game makers Roblox and Zynga; Mailchimp, a leading email marketing and newsletter company, and its parent company, Intuit; Salesforce; Comcast; and Grubhub. Also on the list was TaskUs, a contractor that provides customer service to Mailchimp, Intuit and other big tech companies.
In January, Mailchimp revealed it had been hacked, its second hack in six months. At the time, Mailchimp said hackers targeted its employees via phishing. It is unknown if this incident is related to the Scattered Spider activity. Mailchimp did not respond to a request for comment.
Riot declined to comment.
Roblox, Zynga, TaskUs, Intuit, Salesforce, Comcast, and Grubhub did not immediately respond to requests for comment.
According to the report, a “majority” of the hacking group’s phishing pages were designed to mimic the Okta login portal, with “much less impersonating Microsoft.”
CrowdStrike did not respond to a request for comment.