Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data.
Apparently, Twilio employees were not the only ones targeted by these attackers.
According to Tech Crunch, the attackers tried the same tactics against employees of a U.S. internet company, an IT outsourcing company and a customer service provider.
“We have reemphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being utilized by malicious actors since they first started to appear several weeks ago. We have also instituted additional mandatory awareness training on social engineering attacks in recent weeks,” Twilio said, but obviously even that wasn’t enough to prevent some employees getting fooled.
While the attackers are, as Twilio says, well-organized and methodical, the sophistication of this attack campaign is mostly revolves around the fact that the attackers were able to “Match employee names from sources with their phone numbers.”
Twilio has previously suffered a data breach in April 2021, as a direct result of the Codecov supply chain compromise, and another security incident in July 2020 that resulted in attackers injecting malicious code into their TaskRouter JS SDK library.