Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, Cloudflare, and Klaviyo, compromised over 130 organizations in the same phishing campaign.

This phishing campaign utilized a phishing kit codenamed ‘0ktapus’ to steal 9,931 login credentials that the hackers then used to gain access to corporate networks and systems through VPNs and other remote access devices.

According to a Group-IB report, the 0ktapus campaign has been underway since at least March 2022, aiming to steal Okta identity credentials and 2FA codes and use them to carry out subsequent supply chain attacks.