Cyber Security News

2024 Starts with Significant X Account Breaches: SEC, Mandiant & Netgear

Since the start of the year, a surge of account breaches has caused significant disruptions for users of X (formerly known as Twitter), specifically targeting verified organizations to spread cryptocurrency scams, distribute links that deplete wallets, and provide misleading information. Among the prominent victims are the SEC, Mandiant (a Google subsidiary), Netgear, and Hyundai MEA.

@SECGov X Account Breach 

During the week, the @SECGov account on X, which belongs to the U.S. Securities and Exchange Commission, was compromised, leading to the circulation of a misleading statement regarding the endorsement of Bitcoin ETFs (exchange-traded funds) on securities exchanges. This caused a temporary surge in the value of Bitcoin, and the FBI is investigating.

According to X's Safety team, the account takeover occurred because the hackers were able to hijack the phone number associated with the @SECGov account through a SIM-swapping attack. X also mentioned that the SEC's account did not have two-factor authentication (2FA) enabled when it was compromised.

Netgear and Hyundai MEA Accounts Compromised

The Twitter/X accounts of Netgear and Hyundai MEA were compromised in order to promote scams that aimed to infect unsuspecting individuals with malware that drains their cryptocurrency wallets.

The hackers took control of Hyundai MEA's (Middle East & Africa) account and rebranded it as Overworld, a "cross-platform multiplayer RPG" that receives support from Binance Labs, the venture capital and incubator division of the Binance cryptocurrency exchange.

Mandiant Account Hijacked

On January 3rd, Mandiant, a cyber threat intelligence company under Google, experienced a breach in which hackers distributed a false airdrop; the site listed was designed to steal users' cryptocurrency.

The threat actor responsible for compromising Mandiant's X social media account utilized it as a platform for directing users to a fraudulent webpage with the intention of pilfering cryptocurrency.

The company confirmed: "Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on, or compromise of, any Mandiant or Google Cloud systems that led to the compromise of this account." 

Government and Business Profiles Targeted 

Moreover, hackers are increasingly targeting verified government and business accounts on X that are distinguished by 'gold' and 'grey' checkmarks. Their objective is to promote cryptocurrency scams, phishing sites, and websites that drain crypto. On January 2nd, MalwareHunterTeam reported that the account of Canadian senator Amina Gerba had fallen into the hands of hackers.