January 11, 2024 at 09:21AM
Mandiant’s social media account on platform X was hacked as part of a cryptocurrency theft campaign that generated over $900,000 for cybercriminals. The attack involved promoting a fake website. The company’s investigation pointed to a password compromise, which led to changes in its security process. Mandiant detailed the ClinkSink campaign and identified numerous affiliated IDs and wallet addresses associated with the operation. Other high-profile entities were also targeted in similar cryptocurrency schemes.
Key Takeaways:
– Mandiant’s social media account on platform X was hacked as part of a cryptocurrency theft campaign that generated at least $900,000 for cybercriminals.
– The attack was likely due to a “brute-force password attack,” and it only impacted a single account.
– Mandiant admitted that, due to changes in X’s 2FA policy and team transitions, it was not adequately protected, but it has since made changes to prevent such incidents in the future.
– The campaign, named ClinkSink, used a so-called drainer-as-a-service to steal funds from owners of Solana cryptocurrency. Phishing pages lured victims into connecting their wallets to claim a token airdrop, which then allowed the cybercriminals to siphon funds from the victims.
– Mandiant identified multiple, differently branded drainer-as-a-service offerings related to the ClinkSink operation, and noted that the campaign affected other high-profile entities besides Mandiant.
– Other entities affected by similar attacks include the US Securities and Exchange Commission (SEC), CertiK, CoinGecko, Canadian senator Amina Gerba, Netgear, and Hyundai.