A Ransomware Group And Their Sizzling Summer Of Attacks

January 8, 2024

A ransomware threat group known by several names, one of them being Oktapus, recently made another name for itself. Thanks to its spree of high-profile attacks this summer, Microsoft researchers call them “one of the most dangerous financial criminal groups.” A closer look at this group explains who they are, who they attack, and why they’re so dangerous.

Call them what you will, Oktapus, Octo Tempest, Scattered Spider, or UNC3944, these threat actors mean business. Most recently, the group's top attacks were on MGM Resorts, Caesars Entertainment, and Clorox, just to name a few. So, who is behind this multi-named ransomware threat group?

What’s In A Name…

Whatever name this group is known by, the makeup of who’s behind it stays the same. First observed in 2022, Oktapus is a native English-speaking group made up of young threat actors. Their attacks focus on gaming and hospitality, financial services, and technology and manufacturing, among other industries. As a threat group known for using ransomware as the means to their goal, they’re targeting big money with their financially motivated attacks.

Other descriptions of Oktapus by security professionals include well organized, prolific, highly effective, dangerous, and capable of resorting to threats against a target’s employees and families. In other words, not exactly a group you’d invite to your next barbecue.

How Oktapus Attacks Unfurl

Microsoft Threat Intelligence reports that Oktapus attacks begin with social engineering tactics to gain entry into an organization and its system infrastructure. From there, they hijack essential and confidential corporate information as bait for ransom payment extortion.

There’s a lengthy list of other Oktapus victims targeted this past summer. Among them was Okta, an authentication and authorization service. Following Okta was a string of attacks against its customers: Cloudflare, 1Password, and BeyondTrust.

In the ever-evolving online world where we work, shop and play, keeping one step ahead of cybercriminals is a worrying thought. While ransomware threat groups aren’t new, the continued success of Oktapus remains to be seen.









