January 3, 2024 at 05:52PM
Today, Mandiant’s Twitter account was hijacked by threat actors, who impersonated the Phantom crypto wallet and shared a cryptocurrency scam. Mandiant is aware of the incident and is working to resolve it. The attackers rebranded the account and promoted a fake website, posing a phishing threat. The original Mandiant account is inaccessible.
In the incident, an attacker hijacked the Twitter account of American cybersecurity firm Mandiant to impersonate the Phantom crypto wallet and promote a cryptocurrency scam. The attacker renamed the account to @phantomsolw and shared a fake website imitating the Phantom crypto wallet, promising to distribute free $PHNTM tokens as part of an airdrop.
In tests conducted by BleepingComputer, those who clicked the ‘Claim Airdrop’ button without the Phantom wallet installed were redirected to the legitimate Phantom site, where they were prompted to install it. Once the wallet was installed, the fake website attempted to automatically drain users’ cryptocurrency wallets. However, the Phantom wallet issued a warning stating that the website is malicious and unsafe, and disabled the ability to interact with it to protect users and their funds.
The threat actor behind the attack has deleted the scam tweet and is now using the account to troll Mandiant. The original Mandiant Twitter handle, @mandiant, now displays an error message indicating that the account doesn’t exist.
The attacker is also retweeting posts from the official Phantom account, likely to add legitimacy to future crypto-scam posts. This incident has prompted a response from Mandiant, which stated that they are aware of the incident and are working to resolve the issue.