Digital communications platform Twilio has concluded its investigation into a sophisticated social engineering attack. As it turns out, attackers compromised Twilio systems a month earlier than previously thought.
On August 7, Twilio disclosed a data breach, saying phishers fooled some of its employees into providing their credentials and then used them to access the company’s internal systems.
Bogus SMS messages (smishing) were sent in mid-July. But in the latest blog post, Twilio said it had found evidence that the same malicious actors were likely responsible for a brief security incident on June 29.
“In the June incident, a Twilio employee was socially engineered through voice phishing (or “vishing”) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.
The attacker’s access was eradicated within 12 hours, and the affected customers were notified about the incident on July 2.
Twilio also noted that the last observed unauthorized activity in the company’s environment was on August 9.
“209 customers – out of a total customer base of over 270,000 – and 93 Authy end users – out of approximately 75 million total users – had accounts that were impacted by the incident,” the company said.
The malicious actors, dubbed 0ktapus or Scatter Swine, have launched attacks against numerous technology, telecommunications, and cryptocurrency-related organizations and individuals.
The attackers identified employee mobile numbers, sent smishing texts or made vishing phone calls, and attempted to trick employees into clicking on links to fake login pages to harvest their credentials.
Using the stolen credentials, the attackers advanced reconnaissance operations within the target networks to attempt user account takeovers and further smishing efforts targeting other organizations.