Mandiant's X Account Was Hacked in Brute-Force Password Attack

Cyber threat intelligence giant Mandiant has shared the results of its investigation into its recent X account hijacking, which followed a wave of crypto-related X account hacks.
On January 3, 2024, the X account of Mandiant, a subsidiary of Google Cloud, was taken over and began sending its 123,5000 followers links to a cryptocurrency drainer phishing page.
Although the cybersecurity provider did not specify which X changes it was referring to, 2FA recently became an exclusive feature for X Premium subscribers.
Previously, all users could enable 2FA for added security, but now, only those paying for the subscription service can access elements of this feature.
Specifically, the text message/SMS method of 2FA was disabled for non-Twitter Blue users in February 2023.
Authentication app and security key methods remain available.
This decision sparked considerable controversy among the user base, as 2FA is considered a crucial security measure and limiting its availability raises concerns about potential vulnerabilities.
Mandiant has identified 35 IDs associated with a drainer-as-a-service group using the CLINKSINK crypto wallet drainer, a type of malware exploiting vulnerabilities in smart contracts or user errors to steal funds.
CLINKSINK users specifically target Solana wallets.
These digital grifters use hijacked X and Discord accounts to share cryptocurrency-themed phishing pages impersonating Phantom, DappRadar, and BONK with fake token airdrop themes.
Using these compromised accounts, they lure their victims with promises of free tokens, deploying convincing phishing pages disguised as popular crypto platforms.
Instead of enriching their targets, they're siphoning funds directly into their own pockets, keeping 20% for themselves and leaving the rest for the shadowy figures who run the drainer service.
Mandiant estimates that this nefarious scheme has drained at least $900,000 from unsuspecting crypto enthusiasts.
The same 35 affiliate IDs have used CLINKSINK since December 2023 to steal funds and tokens from Solana users in different campaigns.
Several companies, including Netgear, Hyundai and CertiK, have also recently had their X social media accounts hijacked and used for cryptocurrency scams by threat actors.
X also noted that the SEC's account did not have two-factor authentication enabled at the time the account was hacked.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 11 Jan 2024 12:15:10 +0000

