2024 Starts with Significant X Account Breaches: SEC, Mandiant & Netgear
by Barry McIntyre on (January 11, 2024 at 5:21 AM)
Since the start of the year, a surge of account breaches has caused significant disruptions for users of X (formerly known as Twitter), specifically targeting verified organizations to spread cryptocurrency scams, distribute links that deplete wallets and provide misleading information. Among the prominent victims are the SEC, Mandiant (a Google subsidiary), Netgear, and Hyundai MEA.
@SECGov X Account Breach
During the week, the @SECGov X account belonging to the U.S. Securities and Exchange Commission was compromised, leading to the circulation of a misleading statement regarding the endorsement of Bitcoin ETFs (exchange-traded funds) on securities exchanges. This occurrence caused a temporary surge in the value of Bitcoin, and the FBI is investigating.
According to X's Safety team, the account takeover occurred because the hackers were able to hijack the phone number associated with the @SECGov account through a SIM-swapping attack. X also mentioned that the SEC's account did not have two-factor authentication (2FA) enabled when it was compromised.
Netgear and Hyundai MEA Accounts Compromised
The Twitter/X accounts of Netgear and Hyundai MEA were compromised in order to promote scams that aimed to infect unsuspecting individuals with malware that drains their cryptocurrency wallets.
The hackers took control of Hyundai MEA's (Middle East & Africa) account and rebranded it as Overworld, a "cross-platform multiplayer RPG" that receives support from Binance Labs, the venture capital and incubator division of the Binance cryptocurrency exchange.
Mandiant Account Hijacked
On January 3rd, Mandiant, a cyber threat intelligence company under Google, experienced a breach in which hackers distributed a false airdrop; the site listed was designed to steal users' cryptocurrency.
Normally, 2FA would have mitigated this, but due to some team transitions and a change in X's 2FA policy, we were not adequately protected. We've made changes to our process to ensure this doesn't happen again.
— Mandiant (@Mandiant) January 10, 2024
The threat actor responsible for compromising Mandiant's X account used it to direct users to a fraudulent webpage with the intention of stealing cryptocurrency.
The company confirmed: "Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on, or compromise of, any Mandiant or Google Cloud systems that led to the compromise of this account."
Government and Business Profiles Targeted
Moreover, hackers are increasingly targeting verified government and business accounts on X that are distinguished by 'gold' and 'grey' checkmarks. Their objective is to promote cryptocurrency scams, phishing sites, and websites that drain crypto. On January 2nd, MalwareHunterTeam reported that the account of Canadian senator Amina Gerba had fallen into the hands of hackers.
The account of Amina Gerba, a senator in the Canadian Senate got pwned, renamed & being used to spread scam. And as she is a senator, the account has a gray checkmark.
🤷‍♂️
The actors are using it to fake as the "LFG" project that not even have a blue checkmark on their account.
😂 pic.twitter.com/keeyUPyggz
— MalwareHunterTeam (@malwrhunterteam) January 2, 2024