X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist
Miscreants mock Google-owned security house: 'Change password please'
Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.
"We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation," a spokesperson told The Register. "We've since regained control and the account has been restored."
But before this happened, the account had been renamed "@phantomsolw," spoofing the legitimate Phantom crypto wallet service. The hijackers then encouraged people to visit a phony website, pledging to distribute free $PHNTM tokens, which, of course, was a scam.
It's unclear if anyone lost any coins via the attempted theft.
Later, as Mandiant worked to restore its social media account, the fraudsters taunted the threat hunters to "change password please" and "check bookmarks when you get account back."
Mandiant isn't the first well-known organization or individual to have its account hijacked. Who can forget the 2020 takeovers of accounts belonging to Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates, former US president Barack Obama, and Tesla CEO Elon Musk (before he bought the site) to promote a Bitcoin scam?
Still, it's not a good look for what is arguably the leading threat intelligence and incident response firm that Google bought for $5.4 billion in March 2022.
The Register asked X to comment and received the auto-generated "Busy now, please check back later" response, which the website now uses instead of the poop emoji reply to any press emails.
Mandiant's short-lived compromise comes as another security firm, CloudSEK, warns of a "surge" in criminals taking over and then selling X "Gold" accounts [PDF] for as much as $2,500.
"A hacked or compromised Twitter account can be exploited to mass spread phishing campaigns," the infosec outfit notes. "This, in turn, damages the reputation and brand of the company whose account was compromised, clearly displaying a lack of stringent security policies and a weak incident response plan." ®