Twilio employees aren’t the only individuals recently targeted by a sophisticated phishing attack.
Cloudflare on Tuesday said three employees fell for a phishing attack with very similar characteristics but, unlike Twilio, the content delivery network was able to thwart the intrusion.
“This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would likely be breached,” Cloudflare CEO Matthew Prince wrote in a blog post authored alongside engineers Daniel Stinson-Diess and Sourov Zaman.
Cloudflare employees began receiving phishing text messages pointing to a spoofed Cloudflare Okta login page more than two weeks before Twilio employees were targeted with similar messages. At least 76 Cloudflare employees received text messages on their personal and work phones in less than a minute, the company said.
Some employees’ family members were targeted as well.
Cloudflare said it found no sign of compromise when it reviewed access logs to its employee directory, a detail that further illustrates the advanced tactics and determination of the threat actors behind this attack.
All phishing text messages originated from four phone numbers issued by T-Mobile, and directed employees to a domain registered at Porkbun less than 40 minutes before the campaign began, Cloudflare said.
Attacks on third-party vendors such as Twilio and Cloudflare produce inherently greater risks because a breach could potentially compromise customer data, multiple analysts told Cybersecurity Dive.
The downstream impact of an attack, such as the one that occurred at Twilio, depends on what was compromised