Mandiant suffers phishing attack on its X Account and exposes CLINKSINK malware


Mandiant, the threat intelligence company that is now part of Google Cloud, recently made headlines when it fell victim to a group running cryptocurrency-themed phishing campaigns. On January 3rd, 2024, the company's official account on X (formerly Twitter) was compromised. The hackers used the hijacked account to push links to a cryptocurrency-draining phishing site to its more than 127,500 followers.

According to Mandiant's own account of the incident, the takeover was most likely the result of a brute force attack on the account password. Two-factor authentication (2FA) would normally have stopped a guessed password from being enough, but Mandiant said that, because of team transitions and a change in X's 2FA policy, the account was not adequately protected at the time. Preliminary investigations suggest that the criminals' attempt to lure followers into the draining scam did not succeed, so followers appear to have been spared any loss.

In response to the incident, Mandiant is assessing all potential risks and has taken measures to bolster its defenses. This includes resetting the account password and putting additional account-security controls in place to thwart similar attacks in the future.

In indirectly attributing the breach to recent changes in the 2FA policy enforced by the social media giant, Mandiant appears critical of X's decision, announced in February 2023, to restrict SMS-based 2FA to paying premium subscribers. Authenticator-app and hardware security-key 2FA remained free, but accounts that relied on text-message codes lost that protection unless they switched methods or paid. The shift raises concerns about active users who never re-enabled 2FA by another method, potentially exposing them to similar account takeovers in the near future.

The incident is suspected to involve a "drainer as a service" group associated with the distribution of CLINKSINK, a Solana wallet drainer. Rather than exploiting a vulnerability in smart contracts, a drainer of this kind tricks the victim into connecting their wallet to a phishing page and approving a transaction that transfers their assets to the attacker; the signature the victim supplies is what moves the funds. The implications of such attacks are far-reaching, highlighting the need for heightened account security and user awareness across industries.

The start of the new year saw a spate of similar account takeovers at prominent organizations. The X accounts of Hyundai, Netgear, CertiK, and the US Securities and Exchange Commission (SEC) were among those compromised, adding to the wave of crypto scams. The hijacked accounts were used to promote cryptocurrency schemes; in the SEC's case, a false post announcing the approval of bitcoin ETFs briefly moved the price of BTC. This trend underscores the evolving nature of cyber threats and the imperative for organizations to harden the accounts that speak on their behalf.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
