Mandiant's account on the social media platform X, formerly Twitter, was hacked on Wednesday and abused to lure users to a website designed to steal cryptocurrency from victims.
The account of Mandiant, which is part of Google Cloud, was renamed to 'Phantom' and its profile image and description were updated to appear affiliated with the legitimate Phantom cryptocurrency wallet.
Messages posted on the hijacked account promoted a website hosted at claim-phntm.com, which claimed to distribute cryptocurrency tokens through an airdrop.
In reality, the site is designed to steal users' cryptocurrency.
The hacked account was later used to troll the cybersecurity firm, telling it to change its password.
Mandiant immediately took action to recover the account, but the hacker regained control at one point during the recovery process.
Researchers at MalwareHunterTeam, who have been monitoring the incident, noted that it did not take Mandiant long to recover the account, considering that it has taken some X users days or even more to regain complete control of their account following a hacker attack.
While the hacker posted a message urging Mandiant to change its password, in many cases social media account hijacking involves abusing a third-party service rather than a direct attack on the account.
Major web browsers currently flag the domain promoted by the hacker as a potential phishing site.
This incident occurred just as cybersecurity company CloudSEK published a report on X Gold accounts being sold on the dark web, in some cases for thousands of dollars.
These accounts can be highly useful for phishing, disinformation and other types of campaigns.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 04 Jan 2024 12:13:06 +0000