Hackers target FCC, crypto firms in advanced Okta phishing attacks

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals.

The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.

The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

The phishing operation discovered by researchers at Lookout resembles the 2022 Oktapus campaign conducted by the Scattered Spider hacking group, but there is not enough evidence for a confident attribution.

The threat actors prepare the attack by first registering domains that closely resemble those of legitimate entities. In the case of the FCC, they created "fcc-okta[.]com," which differs by only one character from the FCC's legitimate Okta single sign-on page.

The attackers may call, email, or SMS the target, pretending to be customer support, directing them to the phishing site to "recover" their accounts.

For Coinbase, the texts pretended to be warnings about suspicious login alerts, directing users to phishing pages.

Victims reaching the phishing site are prompted to solve a CAPTCHA challenge, which Lookout says serves both for filtering out bots and adding legitimacy to the phishing process.

Those getting through that step are met with a well-designed phishing page that appears as an exact replica of Okta's genuine login site.

The phishing kit deployed by the cybercriminals enables them to interact with the victims in real time to facilitate scenarios like asking for additional authentication in case multi-factor authentication (MFA) codes are required to take over the target's account.

The central panel controlling the phishing process allows the attackers to customize the phishing page to include the victim's phone number digits, making the SMS token requests appear legitimate.

After the phishing process is done, the victim may be redirected to the actual platform's sign-in page or a fake portal that states their account is under review.

Both destinations are used to reduce suspicion on the victim's side and give the attackers more time to exploit the stolen information.

Lookout gained insight into the additional targets in the cryptocurrency space by analyzing the phishing kit and finding the relevant lures.

The researchers also gained short-term access to the attacker's backend logs, confirming that the campaign generated high-value compromises.

"The sites seem to have successfully phished more than 100 victims, based on the logs observed," explains Lookout.

Many of the sites are still active and continue to phish for more credentials each hour.

The threat actors primarily used Hostwinds and Hostinger to host their phishing pages in late 2023 but later switched to the Russia-based RetnNet, which may offer a more extended operational period for shady sites.

Lookout couldn't determine if the CryptoChameleon phishing kit is used exclusively by a single threat actor or rented to multiple groups.

Regardless of who is behind the kit, its advanced nature, the targeting strategy and communication methods of its operators, and the high quality of the phishing materials underscore the impact this can have on targeted organizations.

A list of indicators of compromise, including command and control servers and phishing sites, can be found at the bottom of Lookout's article.
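A defender-side check for the lookalike registration described in the article, as an added example that is not code from BleepingComputer or Lookout: it scans resolver logs for names that swap a separator in, sit one edit away from, or embed an allowlisted SSO host. The allowlist (including fcc.okta.com as the FCC's real host), the log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed allowlist (not from the article): "fcc.okta.com" is inferred from its
# one-character remark; "sso.example.com" is a placeholder.
LEGIT_SSO_HOSTS = ("fcc.okta.com", "sso.example.com")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(host):
    """Strip separators so 'fcc.okta.com' and 'fcc-okta.com' compare equal."""
    return re.sub(r"[.\-_]", "", host)

def classify(host, legit=LEGIT_SSO_HOSTS):
    """Return (reason, impersonated_host) for a lookalike, else None."""
    host = host.lower().rstrip(".")
    if any(host == l or host.endswith("." + l) for l in legit):
        return None  # the real host or a subdomain of it
    for l in legit:
        if host.startswith(l + "."):
            return ("legit-host-as-prefix", l)  # real name used as leading labels
        if skeleton(host) == skeleton(l):
            return ("separator-swap", l)        # dot replaced or removed
        if edit_distance(host, l) <= 1:
            return ("one-char-typo", l)
    return None

# Constructed DNS-resolver log lines: "<timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2024-03-01T09:12:03Z 10.0.4.17 fcc.okta.com
2024-03-01T09:12:41Z 10.0.4.17 fcc-okta.com
2024-03-01T09:13:05Z 10.0.7.22 ss0.example.com
2024-03-01T09:13:09Z 10.0.7.22 fcc.okta.com.account-review.example
2024-03-01T09:14:30Z 10.0.9.3 www.example.org
"""

def scan(log_text):
    """Return (client, queried_name, reason, impersonated_host) per hit."""
    rows = (line.split() for line in log_text.splitlines())
    return [(c, n) + v for _, c, n in rows if (v := classify(n))]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The same classifier can be pointed at certificate-transparency or new-registration feeds to catch a lookalike before any user resolves it.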