---
title: "Kratos Targets Outpost24, Intuitive Data Breached, Starbucks Staff Exposed | DMARC Report"
description: "Kratos phishing kit hits Outpost24 with a JP Morgan lure, Intuitive discloses a credential breach, and Starbucks reports 900 employees exposed."
image: "https://dmarcreport.com/og/blog/kratos-targets-outpost24-intuitive-data-breached-starbucks-staff-exposed.png"
canonical: "https://dmarcreport.com/blog/kratos-targets-outpost24-intuitive-data-breached-starbucks-staff-exposed/"
---

Quick Answer

A Kratos phishing-as-a-service kit was used in a seven-step chain to phish a C-level executive at Swedish security firm Outpost24, passing DMARC via two DKIM signatures and bypassing Cisco Secure Email Gateway before harvesting Microsoft 365 credentials. Surgical robotics firm Intuitive disclosed a phishing-driven breach of its internal admin network exposing corporate, employee, and customer contact records. Starbucks reported a Partner Central HR portal breach between January 19 and February 11, 2026 affecting about 900 employees, and Teams users were targeted via a credential harvesting campaign abusing compromised WordPress sites.


> DMARC monitoring should be as routine as checking your inbox, says Adam Lundrigan, CTO of DuoCircle. The aggregate reports tell you exactly who sends email from your domain. If you’re not reading them, you’re flying blind on your own email security posture.


Phishing attacks dominated last week’s cyberincidents. Outpost24, a security firm, fell prey to a phishing attack. Intuitive’s company data was breached because of a sophisticated [phishing attack](https://cybersecuritynews.com/detecting-phishing-attack-artificial-intelligence/). A whopping 900 Starbucks employees are now prone to [threat attacks](https://www.aljazeera.com/news/2026/2/28/us-israel-bomb-iran-a-timeline-of-talks-and-threats-leading-up-to-attacks) after phishing actors breached the internal employee portal.

Meanwhile, a new phishing campaign has been hijacking legitimate websites to target **Microsoft Teams users** while evading detection systems.

## Outpost24 executive targeted with the help of Kratos!


Outpost24 is a Swedish exposure management and identity security firm. Threat actors used Kratos, a popular **Phishing-as-a-Service kit**, to target [Outpost24](https://www.darkreading.com/threat-intelligence/hackers-target-cybersecurity-firm-outpost24-phish). The attack was a seven-step chain built on a highly intricate, [layered infrastructure](https://www.prnewswire.com/news-releases/physicl-launches-the-data-infrastructure-layer-for-physical-ai-at-nvidia-gtc-302715130.html). It also relied on genuine services, which helped it evade detection and fool the recipients.

_Outpost24 received a phishing message that successfully impersonated the renowned brand JP Morgan._ The malicious message looked like part of an already existing [email thread](https://www.wusa9.com/article/news/community/musician-and-interim-executive-director-of-the-kennedy-center-emails-go-viral/65-6c95b95f-e9c6-427d-a1b0-f55a37bf2f4b). The message asked the recipient to go through a specific document and then sign it. All the steps were taken carefully to earn the trust of the victim.

The threat actors managed to pass [DMARC](https://dmarcreport.com/) authentication by using two [DomainKeys Identified Mail](https://dmarcreport.com/what-is-dkim/) (DKIM) signatures.

The malicious message contained a “**review document**” link. The same link passed [Cisco’s Secure Email Gateway](https://www.elastic.co/docs/reference/integrations/cisco%5Fsecure%5Femail%5Fgateway) validation. All of this further added to the credibility of the message.
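A DMARC pass only shows that the domain in the From header authorized the message; it does not show that this domain belongs to the brand named in the display name. The check below is an added example, not code from the article or from Outpost24's analysis: it reads the authentication results stamped by the receiving MTA and compares the display-name brand with the From domain. The sample message, all `.example` domains, the `BRANDS` watchlist and the trusted authserv-id are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not taken from the incident; every domain is a placeholder.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
 dkim=pass header.d=sender-corp.example header.s=s1;
 dkim=pass header.d=mailer.example header.s=k2;
 dmarc=pass header.from=sender-corp.example
From: "JP Morgan Document Services" <docs@sender-corp.example>
To: exec@recipient.example
Subject: RE: Agreement for review and signature

Please review the document and sign.
"""

# Assumption: a watchlist you maintain yourself, mapping a normalized brand
# keyword to the organizational domains that brand really sends from.
BRANDS = {"jpmorgan": {"jpmorgan.com", "jpmorganchase.com"}}


def org_domain(domain):
    # Simplification: last two labels. Production code should use the
    # Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_auth_results(msg, trusted_authserv):
    """Read dmarc/dkim results only from headers stamped by our own MTA.

    Anything else may have been inserted by the sender and proves nothing.
    """
    dmarc, dkim = "none", []
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].strip().lower()
        if authserv != trusted_authserv:
            continue
        m = re.search(r"dmarc=(\w+)", value)
        if m:
            dmarc = m.group(1).lower()
        for res, d in re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", value):
            dkim.append((res.lower(), d.lower()))
    return dmarc, dkim


def analyze(raw, trusted_authserv="mx.recipient.example", brands=BRANDS):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_org = org_domain(addr.rpartition("@")[2])
    dmarc, dkim = parse_auth_results(msg, trusted_authserv)
    passed = [d for res, d in dkim if res == "pass"]
    # Relaxed DKIM alignment: signing domain shares the From organizational domain.
    aligned = [d for d in passed if org_domain(d) == from_org]
    # "J.P. Morgan", "JP Morgan" and "JPMorgan" all normalize to "jpmorgan".
    name = re.sub(r"[^a-z0-9]", "", display.lower())
    findings = [
        f"display name claims {brand!r} but From domain is {from_org}"
        for brand, domains in brands.items()
        if brand in name and from_org not in domains
    ]
    if findings:
        verdict = "suspicious"
    elif dmarc == "pass":
        verdict = "authenticated"
    else:
        verdict = "unauthenticated"
    return {"from_domain": from_org, "dmarc": dmarc, "dkim_pass": passed,
            "aligned_dkim": aligned, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for key, val in analyze(SAMPLE).items():
        print(f"{key}: {val}")
```
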

On clicking the link, the victim would be redirected to Nylas, the genuine email [API platform](https://www.popularowl.com/blog/what-is-api-platform/). From there, the victim was redirected to a legitimate, India-based development company domain, and then to a 2017-registered domain owned by a Chinese entity.

After multiple redirects, the victim landed on a **credible-looking** phishing page designed for extracting [Microsoft 365 credentials](https://documentation.botcity.dev/plugins/ms365/auth-credentials/).

An Outpost24 spokesperson has confirmed that a [C-level executive](https://taggd.in/hr-glossary/c-level-executive/) fell for this sophisticated phishing attack.

## Biotech brand, Intuitive’s customer and employee data compromised!

Intuitive, the surgical robotics firm, was targeted by a group of phishing actors. As a result of the [cyberattack](https://www.pbs.org/newshour/world/iran-linked-hackers-take-aim-at-u-s-and-other-targets-raising-risk-of-cyberattacks-during-war), the firm’s **employee and customer data** were compromised.

The cybercrooks managed to gain access to the login credentials of Intuitive’s employees. That’s how they broke into the internal administrative network and finally accessed the data. Intuitive has issued an [online statement](https://www.intuitive.com/en-us/about-us/newsroom/Intuitive-statement-on-cybersecurity-incident), shedding light on the data compromised. It includes corporate records, employee records, as well as customer contact and business details.

_As soon as the incident came to light, Intuitive deployed its incident response protocols and managed to secure all the applications affected in the phishing attack_. An investigation is underway, and experts are also **reviewing security protocols**. Employees are being trained in online security and risk management.


Intuitive believes that the cyberattack could not affect its [customer-centric](https://www.cxnetwork.com/guides/customer-centric) operations.

Since all their robotic systems are equipped with their own security protocols, they can operate separately and independently. That’s why the attack on the [internal business network](https://www.mentorcliq.com/blog/internal-networking) could not disrupt the operations of the **robotic system platforms**.

## Starbucks employee portal targeted, 900 employees stand exposed!


[Threat actors](https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html) managed to break into the Starbucks Partner Central accounts system. This is a [SaaS platform](https://www.appdirect.com/resources/glossary/saas-platform) used by Starbucks employees to manage all the employment details, such as payroll, leaves, benefits, and so on. _Starbucks became aware of suspicious activities back on February 6, 2026._ However, after a detailed investigation, Starbucks realized that the breach had happened somewhere between **January 19 and February 11**.

The phishing actors managed to access employee [login credentials](https://www.fortinet.com/resources/cyberglossary/login-credentials) by directing the [Starbucks employees](https://cybernews.com/cybercrime/starbucks-hr-system-breached-nearly-900-employees-affected/) to [malicious websites](https://abcnews.com/Technology/hackers-embed-malicious-links-websites-stars-biel/story?id=8477614). These websites were carefully structured to mimic the genuine Partner Central login page. By using this phishing strategy, threat actors were able to authenticate into real accounts without having to directly penetrate the core infrastructure of Starbucks.

The coffee giant has already notified [law enforcement](https://usafacts.org/articles/how-does-us-law-enforcement-work-who-has-jurisdiction/) agencies. They have also bolstered the security controls on **Partner Central**. Starbucks has stated that this [data breach](https://capitolskyline.com/social-security-data-breach-concerns-investigation/) won’t affect customers in any way.

## Legitimate domains misused to target Microsoft Teams users


A new [phishing campaign](https://www.malwarebytes.com/blog/news/2026/01/phishing-campaign-abuses-google-cloud-services-to-steal-microsoft-365-logins) is doing the rounds that abuses **legitimate domains** to harvest the credentials of Microsoft Teams users.

A group of security researchers from a reputed security firm has discovered a massive phishing operation that has been misusing [WordPress websites](https://publishpress.com/blog/usa-state-websites-wordpress/) to create [credential-harvesting](https://www.cybersecuritydive.com/news/credential-harvesting--screenconnect-cloud-administrators/758508/) pages.

The attackers embed malicious content within these credible and **reputable domains**. This significantly reduces the chance of detection by [cybersecurity](https://dmarcreport.com/blog/email-security-meets-cybersecurity-understanding-the-role-of-dmarc-reports/) tools and spam filters.


Primarily, the cybercrooks target Microsoft Teams users. But lately, they have also started targeting UAE Pass and Xfinity accounts. The reason behind hijacking already existing, **trustworthy domains** is to boost the success rate of the phishing campaign. The malicious URLs look genuine to the victims and increase the likelihood of the target falling for the cyberattack.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.
