Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.

As of writing, the account has been restored on the social media platform.

It’s currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to “@phantomsolw” to impersonate the Phantom crypto wallet service, according to MalwareHunterTeam and vx-underground.

Mandiant, a leading threat intelligence firm, was acquired by Google in March 2022 for $5.4 billion. It is now part of Google Cloud.

“The Mandiant Twitter account takeover could have happened [in] a number of ways,” Rachel Tobac, CEO of SocialProof Security, said on X.

The development comes as CloudSEK revealed that cyber criminals are brute-forcing and hijacking verified Gold accounts on X and selling them on the dark web for up to $2,000 per account. Furthermore, threat actors have been observed to target dormant accounts associated with legitimate organizations to upgrade them to the Gold tier.

The compromised accounts are then used to post links to malicious domains, urge their followers to join random channels based on cryptocurrency, and propagate spam.