The X (formerly Twitter) account of Mandiant, a U.S.-based cybersecurity company and Google Cloud subsidiary, was compromised for more than 6 hours by an identified hacker to carry out a crypto scam. According to the report, the account has been restored to the original owner.
It is not yet clear how the hacker breached the account, but it was initially renamed “@phantomsolw” to imitate the Phantom cryptocurrency wallet service, according to vx-underground and MalwareHunterTeam.
Specifically, the scammer's posts advertised a malicious airdrop, urging users to click on a malicious link to earn free tokens. In addition, a couple of messages appeared asking Mandiant to “Check Bookmarks When You Get Your Account Back” and “Change Password Please”.
Google acquired Mandiant, a leading threat intelligence company, in March 2022 for $5.4 billion. The company now sits within the Google Cloud segment.
Rachel Tobac (CEO of SocialProof Security) stated on X that “The Mandiant Twitter account takeover could have happened [in] a number of ways”.
"Some folks are giving the advice to turn on MFA to prevent ATO and of course that is a good idea always but it's also possible that someone in Support at Twitter was bribed or compromised which allowed the attacker access to Mandiant's account."