January 4, 2024 at 06:42AM
Mandiant’s social media account was hacked and used to promote a fraudulent cryptocurrency website. The hacker temporarily renamed the account and spurred users to visit the deceptive site. Despite recovery attempts, the hijacker briefly regained control. Major web browsers have flagged the fraudulent site, coinciding with a report on dark web sales of X Gold accounts.
Mandiant’s account on the social media platform X (formerly Twitter) was hacked and misused to direct users to a website aimed at stealing cryptocurrency from victims. The compromised account was renamed to ‘Phantom’ and altered to appear associated with the legitimate Phantom cryptocurrency wallet. The hacker posted messages promoting a website hosted at claim-phntm.com, falsely claiming to distribute cryptocurrency tokens through an airdrop while its real intent was to steal users’ cryptocurrency. Additionally, the hijacked account was used to taunt the cybersecurity firm, urging it to change its password.
Mandiant took immediate action to recover the account, but the hacker managed to regain control at one point during the recovery process. The incident was closely monitored by researchers at MalwareHunterTeam, who noted that Mandiant’s recovery process was relatively swift compared to other similar incidents. Web browsers currently flag the promoted domain as a potential phishing site.
The incident coincided with cybersecurity company CloudSEK’s report on X Gold accounts being sold on the dark web, some fetching thousands of dollars, which can be used for phishing and disinformation campaigns.
SecurityWeek has reached out to Mandiant for additional details, and the article will be updated accordingly. The report also refers to similar incidents of hacked accounts and scams involving high-profile companies and individuals.