Mandiant’s X account has been hacked with a brute-force attack

Twitter Brute-Force Attack

The breach of Mandiant’s

“Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not sufficiently protected,” the threat intelligence agency said in a post shared on X.

The attack, which took place on January 3, 2023, allowed the threat actor to take control of the company’s X account and spread links to a phishing page hosting a cryptocurrency drainer tracked as CLINKSINK.

Drainers refer to malicious scripts and smart contracts that facilitate the theft of digital assets from the victim’s wallet after tricking them into authorizing the transactions.

According to the Google subsidiary, multiple threat actors are believed to have used CLINKSINK to siphon funds and tokens from users of Solana (SOL) cryptocurrency since December 2023.

As observed in the case of other drainers such as Angel Drainer and Inferno Drainer, affiliates are engaged by the drainer-as-a-service (DaaS) operators to carry out the attacks in exchange for a cut (typically 20%) of the stolen assets.

The identified activity cluster includes at least 35 affiliate IDs and 42 unique Solana wallet addresses, allowing the actors to collectively earn no less than $900,000 in illicit profits.

The attack chains involve using social media and chat applications such as X and Discord to spread cryptocurrency-themed phishing pages that encourage targets to connect their wallets to claim a fake token airdrop.

“After connecting their wallet, the victim is asked to sign a transaction with the drainer service, which allows it to siphon money from the victim,” said security researchers Zach Riddle, Joe Dobson, Lukasz Lamparski, and Stephen Eckels.

CLINKSINK, a JavaScript drainer, is designed to open a path to the targeted wallets, check the current balance in the wallet, and ultimately commit the theft after asking the victim to sign a fraudulent transaction. This also means that the attempted theft will not be successful if the victim rejects the transaction.

The drainer has also spawned several variants, including Chick Drainer (or Rainbow Drainer), raising the possibility of its source code being available to multiple threat actors, allowing them to mount independent draining campaigns.

“The wide availability and low cost of many drainers, combined with a relatively high profit potential, likely makes them attractive to many financially motivated actors,” Mandiant said.

“Given the rise in the value of cryptocurrency and the low barrier to entry for drain operations, we expect that financially motivated threat actors of varying levels of sophistication will continue to conduct drain operations for the foreseeable future.”

The development comes amid a rise in attacks targeting legitimate X accounts to spread cryptocurrency scams.

Earlier this week, the X account linked to the US Securities and Exchange Commission (SEC) was breached to falsely claim that the regulatory body had approved the “listing and trading of spot bitcoin exchange-traded products,” causing bitcoin prices to briefly rise.

X has since revealed the hack was the result of “an unidentified individual gaining control of a phone number associated with the @SECGov account through a third party,” and that the account did not have two-factor authentication enabled.

