Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as “likely a brute force password attack.”
“Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We’ve made changes to our process to ensure this doesn’t happen again,” the company said.
The threat actor who took over Mandiant’s X social media account used it to share links, redirecting the company’s over 123,000 followers to a phishing page to steal cryptocurrency.
“Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on, or compromise of, any Mandiant or Google Cloud systems that led to the compromise of this account,” the company added.
As Mandiant found during a follow-up investigation into the incident, the attacker used a wallet drainer dubbed CLINKSINK. This same drainer has been used since December to steal funds and tokens from users of Solana (SOL) cryptocurrency as part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared drainer-as-a-service (DaaS).
The affiliates use drainer scripts to steal cryptocurrency and are expected to give the operators a 20% share of all stolen funds. They use hijacked X and Discord accounts to share cryptocurrency-themed phishing pages impersonating Phantom, DappRadar, and BONK with fake token airdrop themes.
Targets visiting these malicious pages are asked to link their crypto wallets to claim the token airdrop, allowing the malicious actors to siphon their funds if they authorize a transaction to the drainer service.
The estimated value of assets stolen in these recent attacks totals a minimum of $900,000, according to Mandiant.
“The identified campaigns included at least 35 affiliate IDs that are associated with a common drainer-as-a-service (DaaS), which uses CLINKSINK,” Mandiant said.
“The operator(s) of this DaaS provide the drainer scripts to affiliates in exchange for a percentage of the stolen funds, typically around 20%.”
X users under attack
Since the start of the year, a massive wave of account breaches has impacted X users, with verified organizations getting hacked to spread cryptocurrency scams and links to wallet drainers.
Yesterday, the X @SECGov social media account for the U.S. Securities and Exchange Commission
Click Here to Read the Full Original Article at BleepingComputer…