Phishing Still Works

10950190672?profile=RESIZE_400xZendesk, a customer service solutions provider, has suffered a data breach that resulted from employee account credentials getting phished by hackers.  Cryptocurrency trading and portfolio management company, Coinigy revealed last week that it had been informed by Zendesk about the cybersecurity incident.

According to the email received by Coinigy, Zendesk learned on 25 October 2022, that several employees were targeted in a “sophisticated SMS phishing campaign.”  Some employees took the bait and handed over their account credentials to the attackers, allowing them to access unstructured data from a logging platform between 25 September and 26 and October 2022.[1]  Oye !!

Zendesk representatives told Coinigy that, as part of its ongoing review, on 12 January 2023, that service data belonging to the company’s account may have been in the logging platform data.  Zendesk said there was no indication that Coinigy’s Zendesk instance had been accessed, but its investigation is still ongoing.

Zendesk does not appear to have published any statement or notice related to this incident on its website.  Based on the available information, it is possible that the attack on Zendesk is related to a campaign named 0ktapus, in which a threat actor that appears to be financially motivated targeted more than 130 organizations between March and August 2022, including major companies such as Twilio and Cloudflare.

The 0ktapus attackers used SMS-based phishing messages to obtain employee credentials and victims included cryptocurrency companies.  Twilio and Cloudflare discovered breaches in August 2022, but there was no indication that the campaign was not ongoing, so it is possible that the same hackers targeted Zendesk a few months later.  While Coinigy appears to have been notified by Zendesk about the data breach only in January 2023, other victims appear to have been informed much sooner.

The US-based cryptocurrency exchange Kraken informed customers about a Zendesk breach that involved phishing and unauthorized access to the Zendesk logging system in November 2022.  Kraken said at the time that while accounts and funds were not at risk, the attackers did view the content of support tickets, which contained information such as name, email address, date of birth and phone number.

This is not the first data breach disclosed by Zendesk.  In 2019, the company revealed that it had become aware of a security incident that hit roughly 10,000 accounts.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn: https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://www.securityweek.com/zendesk-hacked-after-employees-fall-for-phishing-attack/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!