Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

05.01.2024

Mandiant, a prominent cybersecurity firm and subsidiary of Google Cloud, faced a security breach on its X (formerly Twitter) account, lasting over six hours. An unidentified attacker compromised the account to promote a cryptocurrency scam. The method of breach remains unclear, but initial actions involved renaming the Mandiant account to “@phantomsolw” to mimic the Phantom crypto wallet service. MalwareHunterTeam and vx-underground reported the incident, revealing scam posts enticing users with a fraudulent airdrop scheme, prompting them to click on a fake link for free tokens. Subsequent messages urged Mandiant to “change password please” and “check bookmarks when you get account back.”

Mandiant, known for its expertise in threat intelligence, was acquired by Google in March 2022 for $5.4 billion and is now integrated into Google Cloud. Rachel Tobac, CEO of SocialProof Security, highlighted the various ways the Twitter account takeover could have occurred, including the possibility of a compromise within Twitter support.

In response to inquiries, a Mandiant spokesperson informed The Hacker News that they are aware of the incident and have successfully regained control of the compromised X account.

This incident coincides with CloudSEK’s revelation that cybercriminals are employing brute-force tactics to hijack verified Gold accounts on X, selling them on the dark web for up to $2,000 per account. Additionally, threat actors target dormant accounts linked to legitimate organizations, elevating them to the Gold tier. Compromised accounts are then used to disseminate malicious links, encourage followers to join random cryptocurrency-related channels, and spread spam.

Security researcher Rishika Desai highlighted the centralized botnet network used by information-stealing malware, in which credentials harvested from infected devices are validated against buyers' preferences, such as individual or corporate accounts, follower count, and regional specificity.
