American cybersecurity agency and Google Cloud subsidiary Mandiant had its X (previously Twitter) account compromised for greater than six hours by an unknown attacker to propagate a cryptocurrency rip-off.
As of writing, the account has been restored on the social media platform.
It is presently not clear how the account was breached. However the hacked Mandiant account was initially renamed to “@phantomsolw” to impersonate the Phantom crypto pockets service, based on MalwareHunterTeam and vx-underground.
Particularly, the rip-off posts from the account marketed an airdrop rip-off that urged customers to click on on a bogus hyperlink and earn free tokens, with follow-up messages asking Mandiant to “change password please” and “examine bookmarks if you get account again.”
Mandiant, a number one menace intelligence agency, was acquired by Google in March 2022 for $5.4 billion. It’s now a part of Google Cloud.
“The Mandiant Twitter account takeover might have occurred [in] numerous methods,” Rachel Tobac, CEO of SocialProof Safety, stated on X.
“Some people are giving the recommendation to activate MFA to forestall ATO and naturally that’s a good suggestion all the time *nevertheless it’s additionally potential that somebody in Help at Twitter was bribed or compromised which allowed the attacker entry to Mandiant’s account*.”
When reached for remark, a Mandiant spokesperson instructed The Hacker Information that it’s conscious of the incident impacting the X account and that it has regained management over the account.
The event comes as CloudSEK revealed that cyber criminals are brute-forcing and hijacking verified Gold accounts on X and promoting them on the darkish internet for as much as $2,000 per account. Moreover, menace actors have been noticed to focus on dormant accounts related to respectable organizations to improve them to the Gold tier.
The compromised accounts are then used to submit hyperlinks to malicious domains, urge their followers to hitch random channels based mostly on cryptocurrency, and propagate spam.
“Info stealer malware has a centralized botnet community, the place credentials from contaminated units are harvested,” safety researcher Rishika Desai stated. “These credentials are then additional validated based on patrons’ necessities, equivalent to particular person or company accounts, variety of followers, region-specific accounts, and many others.”
(The story was up to date after publication to incorporate a response from Mandiant.)