10 August 2022

Cloudflare employees also targeted by SMS phishing attack


Cloudflare employees also targeted by SMS phishing attack

Just a day after digital communication platform Twilio shared that some of its employees had fallen victim to an SMS phishing attack that tricked them to provide their login credentials, the content delivery network and DDoS mitigation company Cloudflare revealed that its employees were targeted in a similar attack.

The attack, according to Cloudflare, occurred around the same time as Twilio was attacked. The company said that although three of its employees took the bait, it was able to thwart the attack and that no Cloudflare systems were compromised.

As per the company, the attack took place on July 20 when its employees begun to receive legitimate-looking text messages containing a link to what appeared to be a Cloudflare Okta login page. Over the course of less than 1 minute, at least 76 employees received text messages sent from T-Mobile phone numbers on their personal and work phones. Some messages were also sent to the employee's family members.

The investigation showed that the attackers’ phishing domain was newly registered via Porkbun, and hosted on DigitalOcean and was set up less than an hour before the initial phishing wave, Cloudflare said.

The company says it has yet been able to determine how the attacker compiled the list of employee’s phone numbers, but the review of access logs has showed no signs of compromise.


Back to the list

Latest Posts

Cyber security week in review: September 23, 2022

Cyber security week in review: September 23, 2022

The world in brief: Cryptomarket maker Wintermute robbed of $160M in a hack, old Python bug potentially affects 350,000 open-source projects, and more.
23 September 2022
Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

The vulnerable Python tarfile module is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google and other software.
22 September 2022
Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

The researchers said they discovered three variants of malicious scripts hidden within GTM containers that function either as e-skimmers or as downloaders for installing e-skimmers.
21 September 2022