January 11, 2024 at 04:01AM
Mandiant’s X account was compromised by a brute-force attack, enabling the intruder to spread a cryptocurrency drainer called CLINKSINK. The attack targeted Solana cryptocurrency users and utilized phishing pages to redirect victims to approve fraudulent transactions. This incident reflects a growing trend of financially motivated threat actors targeting cryptocurrency assets through sophisticated drainer operations.
Summary of Meeting Notes – Jan 11, 2024
– Mandiant’s X (formerly Twitter) account was compromised due to a “brute-force password attack” by a drainer-as-a-service (DaaS) group.
– Lack of two-factor authentication and transition-related policy changes left the account vulnerable.
– The attack on Jan 3, 2023, allowed the threat actor to distribute phishing links hosting a cryptocurrency drainer, CLINKSINK, targeting Solana (SOL) cryptocurrency users.
– Multiple threat actors leveraged CLINKSINK to siphon funds and tokens from Solana users, involving affiliates who received a cut of the stolen assets.
– At least 35 affiliate IDs and 42 unique Solana wallet addresses were involved, resulting in over $900,000 in illegal profits.
– The attack chains utilized social media and chat apps to distribute cryptocurrency-themed phishing pages, tricking targets into connecting their wallets to claim a bogus token airdrop.
– CLINKSINK, a JavaScript drainer, checks wallet balances and siphons funds through fraudulent transactions that the victim signs. Variants such as Chick Drainer widen its availability to multiple threat actors.
– The wide availability of drainers and the potential profits make these operations attractive to financially motivated threat actors, and drainer operations are expected to increase as cryptocurrency values rise.
– The compromise of the U.S. Securities and Exchange Commission (SEC) account also highlights the uptick in attacks targeting legitimate accounts to spread cryptocurrency scams.