Security firm's social media account hacked by scammers

Google-owned Mandiant’s X account was taken over for 6 hours

The X account of Mandiant, the cybersecurity and threat intelligence company bought by Google in 2022, was taken over for 6 hours by a group of cryptocurrency scammers.

The account, which has more than 120,000 followers, was hijacked on Wednesday and used to impersonate Phantom, a cryptocurrency wallet popular with holders of the Ethereum and Solana currencies.

It was then used to persuade users to check their wallets for an airdrop, a free distribution of tokens. Unlucky holders who fell for the scam were then liable to have their wallets drained.

Later the account's name was changed, and the hackers sent mocking messages to Mandiant, telling it to "change password please."

Mandiant's account was restored after 6 hours, according to reports, but at the time of writing the last message posted by it was dated 28th December.

It is not known how the hackers managed to get into Mandiant's account, although there is plenty of speculation on social media. The company has yet to issue an official statement about the matter.

It will certainly be an embarrassment to a company that is often the first port of call for major organisations that have been hit by cyberattacks, including by suspected state actors.

Alphabet acquired Mandiant in 2022 for $5.4 billion in order to provide Google Cloud with real-time threat intelligence technology and expertise from the cybersecurity firm's 18 years of working with some of the world's largest organisations.

Asked to comment, a Mandiant spokesperson said: "We are aware of the incident impacting the Mandiant X account. We've since regained control over the account and are currently working on restoring it."