The Twitter account of Google’s Mandiant cybersecurity service has been hacked to promote a cryptocurrency scam. It happens along with the massive spread of cryptocurrency drainer scams on different social media platforms.
Mandiant has lost control of its X/Twitter account
Early this morning Eastern Time, cybersecurity company Mandiant’s account on the social network X (formerly Twitter) was taken over by unnamed hackers. However, Mandiant later regained control of its account after a six-hour breach. The unknown attacker exploited the account to propagate a cryptocurrency scam. He renamed it “@phantomsolw” to impersonate the Phantom crypto wallet service. By the way, the Phantom Company offers digital wallets for cryptocurrency, available on both Google and Apple app stores. However, the company ignored a request to comment on the incident.
Today Mandiant had their Twitter account stolen.
2024 starting strong pic.twitter.com/gHagm2o36q
— vx-underground (@vxunderground) January 3, 2024
Under the intruders’ control, the compromised account initially shared links to a cryptocurrency platform associated with Phantom. The scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens. The follow-up messages asking Mandiant to “change the password please” and “check bookmarks when you get the account back”. Later, the Mandiant account appeared to have been deleted briefly before reappearing with changed usernames but retaining Mandiant logos.
How could this happen?
Perhaps someone might have been confused about how a cybersecurity company could fall victim to such an attack. However, the Mandiant account takeover could have occurred through various methods. Some experts suggested that the support personnel at Twitter were bribed or compromised, allowing the attacker to gain access. And these are legitimate concerns because after buying the social network, Elon Musk cut a vast security staff. As a result, this led to an uncontrollable flood of spam accounts and severe problems with the site’s security.
This speculation is particularly concerning, given the recent vulnerabilities discovered on the platform. Thus, Chaofan Shou, a Ph.D. student at the University of California – Berkeley, highlighted two significant vulnerabilities the platform’s security team had ignored. According to Shou, these vulnerabilities were easily identifiable by security professionals. They could be exploited to take over any account on the platform.
Again, those are nothing more than speculations and particularly loose hypotheses. While it is possible that X’s security issues are somehow related to this hack, nothing confirms that. The Okta hack, which happened in October 2023, confirms that even security vendors may sometimes fall victim to negligence and poor account security.
Mandiant’s response
Mandiant’s spokesperson acknowledged the incident and assured that they were working to resolve the issue. However, this breach at Mandiant, a firm renowned for its threat intelligence capabilities, acquired by Google in 2022 for $5.3 billion, illustrates the increasingly sophisticated nature of cyber threats. Or is this just another signal that Twitter is no longer a safe platform? In any case, with Mandiant now integrated into Google Cloud, the incident also shows the interconnected risks in the digital ecosystem. So, even leading security firms are not immune to cyber-attacks.
What should I do with such a scam?
The number of well-known companies that got their Twitter profile hacked to spread crypto scam over the last few weeks is concerning. This creates not only the crypto scam risk, but the possibility of misinformation or more serious scams. It is important to know how to act once you see the hacked account that spreads questionable links.
First and foremost, avoid following the links posted from such accounts. Either they lead to a crypto drainer, fake airdrop or investment scam page, it is not advisable to even visit them.
Second, report the account hack to X moderators. There is a specific option in the reports menu, called Deceptive Identities – that will let the system know that something is going wrong.
Spread the info about the hack with your friends and subscribers. The more people know about such a scam, the less is the chance of them getting frauded now and in the future.
