January 3, 2024 at 06:39PM
Mandiant’s Twitter account was hijacked to facilitate a cryptocurrency scam, with the attacker impersonating the Phantom crypto wallet and promoting a fake website. The scam involved redirecting users to a phishing website to drain their cryptocurrency wallets. Mandiant acknowledged the incident and is working on a resolution, while the hacker is now trolling the company on the compromised account.
Key points:
– The Twitter account of cybersecurity firm Mandiant, a Google subsidiary, was hijacked by an attacker to impersonate the Phantom crypto wallet and promote a cryptocurrency scam.
– Mandiant is aware of the incident and is working to resolve the issue, according to a spokesperson’s statement to BleepingComputer.
– After gaining control, the attacker renamed the account to @phantomsolw and promoted a fake website impersonating the Phantom crypto wallet, offering free $PHNTM tokens as part of an airdrop.
– Clicking the ‘Claim Airdrop’ button redirects users to the legitimate Phantom wallet site, where they are prompted to install it. Installation attempts to automatically drain the targets’ cryptocurrency wallets, but the Phantom Wallet now warns users about the phishing attack.
– The threat actor deleted the scam tweet and began trolling Mandiant through the account, including retweeting posts from the official Phantom account to add legitimacy to future scam posts.
– Mandiant’s original Twitter handle, @mandiant, now displays an error message indicating that the account doesn’t exist.