The X account of Google's cybersecurity firm Mandiant was restored to its rightful owner Jan. 4 after the account was hacked and used to promote a cryptocurrency scam.
The incident occurred amid growing concerns for the security of high-profile accounts on X, as the platform has a history of being targeted by cybercriminals to post and promote scams that show little signs of stopping.
Though Phantom is a legitimate company - its wallet app is available on both Google and Apple's app stores - the actors who purported to be the company on Mandiant's account seemed anything but.
Once Mandiant's X account was commandeered by attackers around 5:30pm EST on Wednesday, it tweeted a series of promotions directing people to a scam that offered token awards on a website that would verify if their cryptocurrency wallet was eligible.
By Thursday, Mandiant's X account again appeared to be in proper working order.
Mandiant is a part of Google Cloud; the tech giant completed its acquisition of the firm in September.
During the several hours that the account was taken over, Phantom also was aware of the issue and assured users on its own X account that their funds were safe, warning them to be wary of clicking on strange links, according to a screenshot tweeted by MalwareHunterTeam, which also documented the situation on X. High-profile X accounts are certainly no stranger to takeover by threat actors.
In a now notorious event that occurred in July 2020 when the platform was still called Twitter, a number of major accounts - including those of Jeff Bezos, Bill Gates, Barack Obama and even X's current owner Elon Musk - were hacked to promote a Bitcoin scam.
The CloudSEK reported cited yet another high-profile X account takeover to prove its point-that of Vitalik Buterin, the co-founder of Ethereum, which attackers used to tweet out an offer for purportedly free nonfungible tokens that included an embedded malicious link redirecting users to a fake website designed to drain cryptocurrency from their wallets.
Other security researchers report vulnerabilities on X that appear to remain unpatched.
CloudSEK earlier this week recommended that high-profile organizations protect themselves on X by monitoring mentions of their respective brands on the site as well as implementing strong password policies.
Brute-forcing passwords is a key way that attackers take over X and other online accounts.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 04 Jan 2024 17:20:04 +0000