American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.
As of writing, the account has been restored on the social media platform.
It is currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to “@phantomsolw” to impersonate the Phantom crypto wallet service, according to MalwareHunterTeam and vx-underground.
Specifically, the scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens, with follow-up messages asking Mandiant to “change password please” and “check bookmarks when you get account back.”
Mandiant, a leading threat intelligence firm, was acquired by Google in March 2022 for $5.4 billion. It’s now part of Google Cloud.
“The Mandiant Twitter account takeover could have happened [in] various ways,” Rachel Tobac, CEO of SocialProof Security, said on X.
“Some folks are giving the advice to turn on MFA to prevent ATO and of course that’s a good idea always *but it’s also possible that someone in Support at Twitter was bribed or compromised which allowed the attacker access to Mandiant’s account*.”
When reached for comment, a Mandiant spokesperson told The Hacker News that it’s aware of the incident impacting the X account and that it has regained control over the account.
The development comes as CloudSEK revealed that cyber criminals are brute-forcing and hijacking verified Gold accounts on X and selling them on the dark web for up to $2,000 per account. Furthermore, threat actors have been observed targeting dormant accounts associated with legitimate organizations to upgrade them to the Gold tier.
The compromised accounts are then used to post links to malicious domains, urge their followers to join random channels based on cryptocurrency, and propagate spam.
“Information stealer malware has a centralized botnet network, where credentials from infected devices are harvested,” security researcher Rishika Desai said. “These credentials are then further validated according to buyers’ requirements, such as individual or corporate accounts, number of followers, region-specific accounts, etc.”
(The story was updated after publication to include a response from Mandiant.)
Update
In a follow-up statement posted on its now-restored X account, Mandiant said the account had two-factor authentication (2FA) protections enabled and that it’s investigating the security incident.
“At this time, there are no indications of malicious activity beyond the impacted X account, which is back under our control,” it added.