Cryptocurrency trade Coinbase has confirmed it was briefly compromised by the identical attackers who focused Twilio, Cloudflare, DoorDash, and over 100 different organizations final 12 months.
In a postmortem evaluation of the incident revealed over the weekend, Coinbase stated so-called “0ktapus” hackers stole the login credentials of considered one of its workers in an try to realize distant entry to the corporate’s techniques.
0ktapus is a hacking group that targets over 130 organizations in 2022, typically spoofing Okta’s login pages, making an attempt to steal the credentials of hundreds of workers. In keeping with a leaked Crowdstrike report reviewed by coursesfromhome, the gang is now focusing on a number of know-how and online game firms.
For Coinbase, 0ktapus hackers despatched spoofed SMS textual content messages to a number of workers on February 5, requiring them to urgently log in utilizing the hyperlinks offered to obtain necessary messages. I advised you one thing. One worker adopted a phishing hyperlink and entered his credentials. Within the subsequent part, the attackers tried to log into her Coinbase’s inside techniques utilizing the stolen credentials, which failed because the entry was protected by multi-factor authentication.
Roughly 20 minutes later, the attackers used voice phishing (“vishing”) to name an worker claiming to be an worker of the Coinbase IT staff and trick the sufferer into logging into their workstation. instructed. This allowed the attacker to view worker data equivalent to title, electronic mail handle, and cellphone quantity.
“The attackers had been capable of view the dashboards of a handful of inside communication instruments and entry restricted worker contact data,” Coinbase spokesperson Jaclyn Gross sales advised coursesfromhome. “Menace actors had been capable of view particular views of inside dashboards and entry restricted worker contact data by means of display sharing.”
Nonetheless, Coinbase says its safety staff has responded shortly, stopping risk accessors from accessing buyer knowledge and funds. “Our safety staff was capable of shortly detect anomalous exercise and stop different entry to our inside techniques and knowledge,” added Gross sales.
Coinbase stated it had no entry to buyer knowledge, however the firm’s chief data safety officer, Jeff Langlhofer, is contemplating switching to {hardware} safety keys for higher entry to accounts. It stated it might encourage customers to take action, however didn’t disclose whether or not it internally makes use of {hardware} keys that can not be phished.