Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Custom vishing campaign stealing Okta SSO credentials

Campaign
First reported
Last updated
Happening score
H score 48
2 unique sources, 2 articles

Summary

Hide ▲

A custom vishing campaign is actively stealing Okta SSO credentials through live, adversary-in-the-middle phishing pages, creating immediate risk of account takeover and downstream data theft. Multiple hacking groups are using the service against identity providers such as Google, Microsoft, and Okta, as well as cryptocurrency platforms. The operation relies on spoofed helpdesk calls, real-time MFA relay, and attacker backends such as Telegram to intercept credentials and TOTP codes.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

Open Happening

EvilTokens Microsoft 365 consent phishing campaign

Campaign
First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The **EvilTokens** campaign rapidly compromised **more than 340 Microsoft 365 organizations** across **five countries**, showing how **OAuth grant abuse** can bypass **MFA** and c...

Open Happening

PCPJack TeamPCP-targeting cloud credential theft campaign

Campaign
First: 08.05.2026 12:00 Last: 08.05.2026 12:00 Sources 1

About this happening: A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...

Open Happening

Google sponsored search ManageWP phishing campaign

Campaign
First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

Open Happening

Timeline

  1. 22.01.2026 23:43 2 articles · 4mo ago

    Okta warns of active vishing credential theft

    Initial Disclosure

    Okta warns that custom phishing kits built for voice-based social engineering are being used in active attacks against employees at identity providers and cryptocurrency platforms, including Okta, Google, and Microsoft, to steal SSO credentials, relay TOTP codes through real-time adversary-in-the-middle pages, and bypass push-based MFA including number matching.

    Show sources
    Open in new tab