Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.
As of writing, the account has been restored on the social media platform.
It’s currently not clear how the account was breached, but the hacked Mandiant account was initially renamed to “@phantomsolw” to impersonate the Phantom crypto wallet service, according to MalwareHunterTeam and vx-underground.
Specifically, the scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens, with follow-up messages asking Mandiant to “change password please” and “check bookmarks when you get account back.”
Mandiant, a leading threat intelligence firm, was acquired by Google in March 2022 for $5.4 billion. It is now part of Google Cloud.
“The Mandiant Twitter account takeover could have happened [in] a number of ways,” Rachel Tobac, CEO of SocialProof Security, said on X.
“Some folks are giving the advice to turn on MFA to prevent ATO and of course that is a good idea always *but it’s also possible that someone in Support at Twitter was bribed or compromised which allowed the attacker access to Mandiant’s account*.”
When reached for comment, a Mandiant spokesperson told The Hacker News that it’s aware of the incident impacting the X account and that it has regained control over the account.
The development comes as CloudSEK revealed that cybercriminals are brute-forcing and hijacking verified Gold accounts on X and selling them on the dark web for up to $2,000 per account. Furthermore, threat actors have been observed targeting dormant accounts associated with legitimate organizations and upgrading them to the Gold tier.
The compromised accounts are then used to post links to malicious domains, urge their followers to join random channels based on cryptocurrency, and propagate spam.
“Information stealer malware has a centralized botnet network, where credentials from infected devices are harvested,” security researcher Rishika Desai said. “These credentials are then further validated according to buyers’ requirements, such as individual or corporate accounts, number of followers, region-specific accounts, etc.”
(The story was updated after publication to include a response from Mandiant.)
In a follow-up statement posted on its now-restored X account, Mandiant said the account had two-factor authentication (2FA) protections enabled and that it’s investigating the security incident.
“Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control,” it added.