The attacker utilized the compromised Mandiant account to promote a cryptocurrency scam by posing as the Phantom crypto wallet and luring users with a fake airdrop.
On Wednesday, January 3, 2024, at approximately 8:00 PM, Google’s Mandiant cybersecurity firm experienced a security breach in its X account (formerly known as Twitter).
Following the breach, unidentified hackers (crypto scammers) used the compromised account to push a cryptocurrency scam to the firm’s extensive follower base, which exceeded 122,000 users.
The account of Mandiant, which was acquired by Google for $5.4 billion in September 2022, was observed sending out tweets to unsuspecting users that contained links to Phantom, a cryptocurrency wallet.
The attacker utilized the account to promote a cryptocurrency scam, posing as the Phantom crypto wallet and luring users with a fake airdrop. Additionally, the hackers changed Mandiant’s Twitter handle from “@Mandiant” to “@phantomsolw”.
Although Mandiant managed to regain control of the account, restoring it to its original state proved challenging due to Twitter’s restrictions on frequent name changes. However, at the time of writing, Mandiant’s Twitter account was successfully restored, and the malicious links from the scammers were removed from its timeline.
The hacking of Mandiant’s Twitter account should not be viewed as a surprising incident. Scammers are notorious for compromising and taking control of high-profile accounts, often by exploiting 0-day vulnerabilities or credentials leaked in past data breaches.
In July 2020, the world witnessed a series of high-profile Twitter account hacks, orchestrated to execute cryptocurrency scams. Among the compromised accounts were those belonging to prominent figures and companies, such as Barack Obama, Joe Biden, Bill Gates, Elon Musk, Justin Sun, Apple, Uber, Coinbase, Gemini, Kanye West, Jeff Bezos, Kim Kardashian, and others.
In September 2020 and December 2021, the Twitter account of the Indian Prime Minister, Narendra Modi, fell victim to hacking incidents where the attackers exploited the compromised account to promote Bitcoin scams.
Additionally, in June 2022, the Twitter account of the British Military was compromised, and the hackers utilized the breach to push a cryptocurrency scam.
In September 2023, the Twitter account of ETH founder Vitalik Buterin experienced a security breach, resulting not only in unauthorized access but also in the theft of $700,000 by scammers.
Nevertheless, the hacking of a cybersecurity company is a matter that cannot be overlooked. The situation is further complicated by the sale of Twitter accounts with the Gold checkmark by scammers, intensifying challenges in addressing phishing and disinformation on the platform.
If you use social media or are involved in cryptocurrency investment, follow these simple yet vital tips to keep your accounts secure:
- Never share your private keys or passwords with anyone.
- Be wary of any investment that seems too good to be true.
- Use a strong password manager to keep your passwords safe.
- Only invest in cryptocurrencies that you understand and that have a good reputation.
- Be careful about clicking on links in emails or social media posts, especially if they promise free money or tokens.