CyberSecurityBoard
Sponsor Register Login

Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams.
A recent high-profile case is the X account of cyber threat intelligence company Mandiant, a Google subsidiary, which was hijacked yesterday to distribute a fake airdrop that emptied cryptocurrency wallets.
Only in the past couple of days, MHT has posted about the accounts of Canadian senator Amina Gerba, nonprofit consortium 'The Green Grid,' and Brazilian politician Ubiratan Sanderson falling in the hands of hackers.
A gold checkmark attached to an account on X indicates an official organization/company, while the grey badge marks profiles representing a government organization or an official.
Both types of accounts need to meet specific eligibility requirements.
By contrast, the blue checks are given to any user paying for an X Premium subscription.
A recent report from CloudSEK, a digital risk monitoring platform, highlights the emergence of a new black market where hackers sell compromised gold and grey X accounts for prices between $1,200 and $2,000.
Some sellers also provide the option to add scam accounts as affiliates to the verified gold accounts for $500, lending them credibility without having to go through the more rigorous verification process from the social media platform.
CloudSEK says it observed six sales of such accounts in a month.
One of them, dormant since 2016 and with 28,000 followers, was advertised for $2,500.
Researchers recommend companies to close dormant accounts if they've been inactive for a larger period.
Reviewing the security settings and activate the two-factor authentication option.
It is also worth checking what apps are connected to the account as well as the log of active sessions on other devices.
Mandiant's account on X hacked to push cryptocurrency scam.
Crypto scammers abuse Twitter 'feature' to impersonate high-profile accounts.
Fraudsters make $50,000 a day by spoofing crypto researchers.
Crypto drainer steals $59 million from 63k people in Twitter ad push.
US detains suspects behind $80 million 'pig butchering' scheme.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 04 Jan 2024 18:40:43 +0000


Cyber News related to Hackers hijack govt and business accounts on X for crypto scams

Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
1 year ago Bleepingcomputer.com
Unravelling Retirement Banking Scams and How To Protect Yourself - In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. According to the FBI, in 2020 alone, financial scams targeting seniors netted more than $1 billion. It's a quiet crisis that we need to address, and ...
1 year ago Hackread.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
1 year ago Bleepingcomputer.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
1 year ago Bleepingcomputer.com
Hackers hijack govt and business accounts on X for crypto scams - Hackers are increasingly targeting verified accounts on X belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams. A recent high-profile case is the X account of cyber threat ...
1 year ago Bleepingcomputer.com
Five best practices for securing Active Directory service accounts - Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. To support software-specific functions, service accounts require elevated permissions ...
10 months ago Bleepingcomputer.com
CVE-2025-12194 - Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows ...
2 months ago
How Criminals Are Leveraging AI to Create Convincing Scams - Cybercriminals create far more sophisticated scams with generative AI than traditional phishing scams. According to Visa research, scammers are fooling even the savviest internet users by launching pig butchering, inheritance, humanitarian relief ...
1 year ago Tripwire.com
Best of 2023: Why is everyone getting hacked on Facebook? - Importantly, phishing relies on the victim trusting the scammer and taking an action - like clicking a link or sending bank account information - in order for the scammer to get what they want. It's not your imagination - social media scams really ...
2 years ago Securityboulevard.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
2 years ago Darkreading.com Lazarus Group
Palestine crypto donation scams emerge amid Israel-Hamas war - As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X, Telegram and ...
2 years ago Bleepingcomputer.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
2 years ago Bleepingcomputer.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Crypto wallet founder loses $125,000 to fake airdrop website - A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd ...
1 year ago Bleepingcomputer.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
1 year ago Bleepingcomputer.com
CVE-2022-50231 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
1 year ago Bleepingcomputer.com
Facebook Marketplace Is Being Ruined by Zelle Scammers - Some scams encourage people to upgrade their Zelle accounts to a business tier to receive money from a buyer, according to the Better Business Bureau, and come from emails mimicking Zelle, but with different domains. That upgrade appears to cost ...
2 years ago Wired.com
US cybercops trace and return nearly $9M stolen by scammers The Register - The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "Pig butchering" scams. Authorities tracked payments to cryptocurrency addresses belonging to one organization known for ...
2 years ago Theregister.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
1 year ago Securityboulevard.com APT29
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
1 year ago Infosecurity-magazine.com
Romance Scammers are Adopting Approval Phishing Tactics - Romance scams are labor-intensive and time-consuming schemes to run. They can be lucrative, pulling in millions in stolen cryptocurrency, but they also can end up going nowhere if the targeted victim becomes suspicious or the bad actor decides there ...
2 years ago Securityboulevard.com Rocke
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
2 years ago Bleepingcomputer.com Scattered Spider
CyberCrime & Doing Time: Identification Documents: an Obsolete Fraud Countermeasure - When I'm talking to bankers and other fraud fighters, I often mention how easy it is for a criminal to obtain a Drivers License bearing any information they desire. In the new case, Brianna Mills, a 28-year old bank teller in Loganville, Georgia ...
1 year ago Garwarner.blogspot.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)