The X (formerly Twitter) account of U.S. cybersecurity firm and Google Cloud subsidiary Mandiant was compromised for more than six hours by unknown attackers to spread cryptocurrency scams.
As of this writing, Account has been restored on social media platforms.
It’s unclear how the account was compromised.However, it was reported that the hacked Mandiant account was initially renamed “@phantomsolw” to impersonate the Phantom crypto wallet service Malware Hunter Team and vx-underground.
Specifically, the account’s scam posts promoted an airdrop scam, urging users to click on fake links and earn free tokens, followed by messages asking Mandiant to “please change your password” and “check your bookmarks when retrieving your account.”
Mandiant is a leading threat intelligence company acquired by Google in March 2022 for $5.4 billion. It is now part of Google Cloud.
“Mandiant Twitter account may have been taken over [in] SocialProof Security CEO Rachel Tobac said on X:
“Some have suggested turning on MFA to block the ATO, which is always a good idea* but it’s also possible that Twitter’s support staff were bribed or compromised, allowing an attacker to access Mandiant’s account*.”
The Hacker News has reached out to Mandiant for further comment and will update this story when we hear back.
