---
title: "Okta Phishing Attack Facilitated By CryptoChameleon! | Phish Protection"
description: "Hacking instances are rampant across the globe, and this time, the target is none other than the Federal Communications Commission or FCC."
image: "https://phishprotection.com/og/blog/okta-phishing-attack-facilitated-by-cryptochameleon.png"
canonical: "https://phishprotection.com/blog/okta-phishing-attack-facilitated-by-cryptochameleon/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2024/03/anti-phishing-8614.jpg) 

Hacking instances are rampant across the globe, and this time, the target is none other than the Federal Communications Commission (FCC). There’s a new kid on the block named CryptoChameleon, and this brand-new [phishing kit](/phishing/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry) is being used to [attack FCC employees](https://www.nextgov.com/cybersecurity/2024/03/fcc-staff-targeted-phishing-attack-cloned-agency-login-site/394609/). Basically, the threat actors are using CryptoChameleon to build [SSO pages](https://www.onelogin.com/learn/how-single-sign-on-works) that closely resemble Okta's.

The same phishing kit is also being actively used to attack employees and users of [cryptocurrency platforms](https://www.forbes.com/advisor/in/investing/cryptocurrency/what-is-a-crypto-exchange/#:~:text=A%20cryptocurrency%20exchange%20sounds%20simple,as%20it%20is%20largely%20unregulated.), namely Coinbase, Gemini, Kraken, and so on. _The phishing actors are using CryptoChameleon to **impersonate biggies** such as iCloud, Twitter, Gmail, AOL, etc._

Although the investigation is hinting towards the notorious [Scattered Spider hacking group](https://therecord.media/scattered-spider-ransomware-attacks-hospitality-retail), there’s **not enough evidence** to prove them to be the mastermind behind this malicious campaign.


### How Exactly Does The Attack Happen?

Here’s how the [threat actors](https://edition.cnn.com/2024/01/10/politics/chinese-hackers-research-organization/index.html) design the malicious attack at **multiple stages**:

Initially, they **register domains** that closely resemble those of the original entities. For example, they came up with a domain called “fcc-okta(.)com,” which has just one character difference when compared to the **OG sign-on page**.

Next, the threat actors design a complicated [social engineering attack](/phishing-awareness/social-engineering-attack-twilio-compromises-employee-accounts-customer-data) that consists of SMSes, [voice phishing](/phishing-awareness/how-to-defend-against-voice-phishing), and emails. _The phishing actors call, text, or send emails and pretend to be someone from the **customer care department**._ They redirect the naive user to a phishing site on the pretext of helping them to “recover” their lost account.

They can also send out texts pretending to be warning signs for [suspicious login alerts](https://cybernews.com/news/beware-facebooks-login-alert-used-to-trick-people/), as they did in the case of Coinbase.

When a user reaches the malicious site, they are asked to solve a CAPTCHA quiz. The CAPTCHA challenge further wins the **trust of the naive user**, thus eliminating any traces of suspicion.

Once the CAPTCHA is solved, a fake page appears on the screen that looks **exactly the same as the original** page.

_CryptoChameleon helps the threat actors to communicate with the users **in real time**_. This further helps the cybercriminals to go ahead and [ask for sensitive details](https://www.thehindu.com/news/national/tamil-nadu/cyber-criminals-target-former-union-minister-dayanidhi-maran-steal-99999-from-his-bank-account/article67403243.ece) such as **MFA codes**. The phishing actors can also customize the fake pages so that users are compelled to share their [personal data](https://www.abc.net.au/news/2023-12-14/cybercriminals-stealing-credit-card-number-bin-attack-scam/103223086), such as phone numbers.

Finally, the user is diverted to a **false portal**, which states that the account in question is still under review. This buys **more time for the cybercriminals** so that they can cause more damage.
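The first stage above, lookalike domain registration, is the one defenders can watch for before any lure is sent. As an added example (not from the original article), this Python check flags hostnames that imitate an SSO host, run here over a constructed list of observed names. It assumes the legitimate host is `fcc.okta.com`, which the article does not state.

```python
import re

# Assumption: the organisation's real SSO hostname (not given in the article).
LEGIT_SSO_HOSTS = {"fcc.okta.com"}

def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tokens(name):
    """Split on dots and hyphens: 'fcc-okta' -> {'fcc', 'okta'}."""
    return {t for t in re.split(r"[.\-]", name.lower()) if t}

def lookalike_reason(host, legit=LEGIT_SSO_HOSTS):
    """Return why `host` imitates a legitimate SSO host, or None if it does not."""
    host = host.lower().rstrip(".")
    if host in legit:
        return None
    for real in legit:
        parent = real.split(".", 1)[1]  # the identity provider's own domain
        if host == parent or host.endswith("." + parent):
            continue  # really under the provider's domain; not a lookalike
        if edit_distance(host, real) <= 1:
            return f"one-character edit of {real}"
        # Tenant and provider names both present, but on someone else's domain.
        if tokens(real.rsplit(".", 1)[0]) <= tokens(host):
            return f"tenant and IdP names on foreign domain ({real})"
    return None

def scan(hosts):
    """Map each flagged hostname to the reason it was flagged."""
    return {h: r for h in hosts if (r := lookalike_reason(h))}

# Constructed sample, e.g. names seen in DNS logs or certificate transparency.
OBSERVED = ["fcc.okta.com", "fcc-okta.com", "okta-fcc-help.net",
            "dev.okta.com", "fcc.gov"]

if __name__ == "__main__":
    for name, why in scan(OBSERVED).items():
        print(f"{name}: {why}")
```

The one-character check catches the dot-for-hyphen swap the article describes; the token check catches longer variants that an edit-distance threshold of 1 would miss.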

### Aftermath Of The Phishing Scam!

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

As per the investigation by cybercrime experts, almost 100 users have fallen prey to this scam so far. Threat actors have been **leveraging Hostinger** and Hostwinds to host their fake phishing pages since 2023. But then they shifted gears to RetnNet, the Russia-based [hosting site](https://www.europol.europa.eu/media-press/newsroom/news/5-arrested-in-poland-for-running-bulletproof-hosting-service-for-cybercrime-gangs).

The strategic movement of the scamsters and their organized planning and execution hint towards the involvement of **organized phishing teams**. Cyber experts are looking into the matter and trying to find the perpetrator involved in this large-scale, [global phishing scam](https://www.dlnews.com/articles/snapshot/pig-butcherers-rake-in-billions-according-to-new-study/).

![Phishing Statistics You Need to Know](https://media.mailhop.org/phishprotection/images/2024/03/Phishing-Statistics-You-Need-to-Know.jpg) 

Enhancing [phishing protection](/) measures is imperative in safeguarding individuals and organizations against such sophisticated attacks. Implementing robust [cybersecurity](/content/cybersecurity-in-a-nutshell) protocols and conducting [phishing awareness training](/products/phishing-awareness-training) about [phishing threats](https://www.bbc.com/news/business-68225892) can contribute significantly to thwarting future attempts and **securing sensitive information**.


![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

