Tech, gaming firms subjected to 0ktapus attacks

TechCrunch reports that numerous tech and video game companies have been targeted by an ongoing hacking campaign by the 0ktapus operation, also known as Scattered Spider, which has compromised over 130 organizations and exfiltrated nearly 10,000 employees' credentials last year. Despite uncertainties on whether 0ktapus was behind the cyberattack against Riot Games last month, the video game firm was among the threat group's targets in its phishing domains, a CrowdStrike report revealed. 0ktapus was also found to have phishing domains impersonating Zynga and Roblox, as well as email marketing firm Mailchimp and parent company Intuit, customer service contractor TaskUs, and other tech firms Salesforce, Grubhub, and Comcast. Mailchimp disclosed last month that its systems have been hacked following a phishing attack, but the association between the reported hack and 0ktapus activities remains uncertain. Meanwhile, industry-wide phishing campaigns have been on the radar of Salesforce. "At this time, we have no indication of unauthorized access to customer data relevant to the cited report," said Salesforce spokesperson Allen Tsai.