‘Roasted 0ktapus’ hackers are back with primary focus on the BPO industry

CALIFORNIA, UNITED STATES — “Roasted 0ktapus” hackers are back with a renewed focus on targeting the Business Process Outsourcing (BPO) industry.
According to a report prepared by cybersecurity firm CrowdStrike, the group, also known as “Scattered Spider,” started deploying numerous phishing pages in January 2023.
The private report, which TechCrunch obtained, also listed the companies that are being targeted.
BPO services and digital solutions provider TaskUs was the primary company listed. Its client companies Mailchimp and Intuit, as well as software firm Salesforce, tech giant Comcast, and food ordering platform Grubhub, were also named.
Salesforce spokesperson Allen Tsai said they are “aware of and monitor phishing campaigns industry-wide.”
“At this time, we have no indication of unauthorized access to customer data relevant to the cited report,” Tsai added.
Aside from outsourcing and tech giants, CrowdStrike noted that several tech and video game companies like Riot Games, Roblox, and Zynga are also being targeted.
Most of the group’s phishing pages were designed to mimic Okta login portals, “while a much smaller number impersonated Microsoft.”
The online hacker group made global news last year after hitting more than 130 organizations and stealing the credentials of almost 10,000 employees.