Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio
Twilio employees aren’t the only individuals recently targeted by a sophisticated phishing attack.
Cloudflare on Tuesday said three employees fell for a phishing attack with very similar characteristics but, unlike Twilio, the content delivery network was able to thwart intrusion.
“This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would likely be breached,” Cloudflare CEO Matthew Prince wrote in a blog post authored alongside engineers Daniel Stinson-Diess and Sourov Zaman.
Cloudflare employees began receiving phishing text messages pointing to a spoofed Cloudflare Okta login page more than two weeks before Twilio employees were targeted with similar messages. At least 76 Cloudflare employees received text messages on their personal and work phones in less than a minute, the company said.
Some employees’ family members were targeted as well.
Cloudflare said it found no sign of compromise when it reviewed access logs to its employee directory, a detail that further illustrates a heightened level of advanced tactics and determination mobilized by the threat actors behind this attack.
Source: Cybersecurity Dive