Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Government and official business X accounts hijacked by crypto scammers

High-profile verified accounts on X (formerly Twitter) are being hacked by cyber criminals to advertise cryptocurrency scams.

user icon Daniel Croft
Fri, 05 Jan 2024
Government and official business X accounts hijacked by crypto scammers
expand image

The hackers appear to be targeting accounts with gold or grey verification, which represent official organisations and government officials or agencies, respectively.

There have been several reported cases of these accounts being compromised, with the account of cyber threat intelligence firm Mandiant being one of the most notable.

After taking control of the Mandiant account, the hijacker renamed the account to @phantomsolw in an effort to impersonate the Phantom crypto wallet.

============
============

Once changed, the hackers spared no time posting about a “promotion” in which users of the wallet could claim free $PHNTM tokens.

Those without the wallet installed, as seen by BleepingComputer, are redirected to the legitimate site to download the wallet. However, once installed, those that clicked the link for the promotion will have their wallets drained.

Phantom said it had blocked the link to prevent further theft and added a pop-up warning users that the wallet had been used as part of a phishing scam.

“Phantom believes this website is malicious and unsafe to use. We have disabled the ability to interact with it in order to protect you and your funds,” said the pop-up.

Additionally, Mandiant told BleepingComputer that it was aware of the hijacking and had taken steps to fix it.

“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” it said.

Despite this, it appears that the hacker still has control of the Mandiant account but has given up the ploy of a legitimate promotion and has instead moved towards trolling Mandiant.

“Sorry, change password please,” said one post.

“Check bookmarks when you get account back.”

Following the Mandiant account takeover, a number of other accounts have been targeted in the same way, as tracked by MalwareHunterTeam.

These include the accounts of Brazilian politician Ubiratan Sanderson, Canadian senator Amina Gerba, and a non-profit called The Green Grid.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.