Just a day after digital communication platform Twilio shared that some of its employees had fallen victim to an SMS phishing attack that tricked them into providing their login credentials, the content delivery network and DDoS mitigation company Cloudflare revealed that its employees were targeted in a similar attack.
The attack, according to Cloudflare, occurred around the same time as Twilio was attacked. The company said that although three of its employees took the bait, it was able to thwart the attack and that no Cloudflare systems were compromised.
As per the company, the attack took place on July 20, when its employees began to receive legitimate-looking text messages containing a link to what appeared to be a Cloudflare Okta login page. Over the course of less than 1 minute, at least 76 employees received text messages sent from T-Mobile phone numbers on their personal and work phones. Some messages were also sent to employees' family members.
The investigation showed that the attackers’ phishing domain was newly registered via Porkbun, hosted on DigitalOcean, and set up less than an hour before the initial phishing wave, Cloudflare said.
The company says it has not yet been able to determine how the attacker compiled the list of employees’ phone numbers, but the review of access logs has shown no signs of compromise.