Phishing on T-Mobile's Okta

Published on: June 13, 2022

A small list of domains we are seeing registered

We're seeing what could be a precursor to a phishing attack on T-Mobile's Okta instance. The domains we're seeing are registered through CSC Global and Namecheap and hosted on Linode and DigitalOcean. We'll keep you posted on updates; in the meantime, here are the domains:
okta-tmobiie[.]net
t-mobile-okta[.]us
okta-oath[.]com
t-mobile-okta[.]com
okta-tmobile[.]org
okta-tmo[.]org
