Mandiant’s X account hacked by crypto Drainer-as-a-Service gang

January 10, 2024 at 05:26PM

Mandiant, a cybersecurity firm and Google subsidiary, had its Twitter account hijacked by a Drainer-as-a-Service gang. The attacker redirected over 123,000 followers to a phishing page to steal cryptocurrency, with an estimated minimum of $900,000 in assets stolen. Verified organizations like the U.S. Securities and Exchange Commission have also been impacted by similar attacks.

Key takeaways from the article:

1. Mandiant’s Twitter/X account was hijacked by a Drainer-as-a-Service (DaaS) gang, most likely through a brute-force password attack. The account was inadequately protected as a result of team transitions and a change in 2FA policy.
2. The threat actor redirected Mandiant’s 123,000+ followers to a phishing page to steal cryptocurrency, but no evidence of compromise of Mandiant or Google Cloud systems was found.
3. The attacker utilized a wallet drainer called CLINKSINK, part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared DaaS, with operators receiving a 20% share of stolen funds.
4. Verified X accounts, including the U.S. Securities and Exchange Commission’s @SECGov social media account, have been compromised to spread cryptocurrency scams and drainer links.
5. Hijacked X accounts with ‘gold’ and ‘grey’ checkmarks are being used to legitimize tweets redirecting users to cryptocurrency scams and phishing sites.
6. X users are exposed to an ongoing deluge of malicious cryptocurrency ads, fake airdrops, and various scams.

In conclusion, the article highlights the pervasive threat of account hijacking and the techniques threat actors use to exploit verified accounts and spread cryptocurrency-related scams. It underscores the importance of robust account security measures (such as consistently enforced 2FA) and heightened vigilance on X.
