Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.

As of writing, the account has been restored on the social media platform.

It’s currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to “@phantomsolw” to impersonate the Phantom crypto wallet service, according to MalwareHunterTeam and vx-underground.

Specifically, the scam posts from the account advertised an airdrop scam that urged users to click on a bogus link and earn free tokens, with follow-up messages asking Mandiant to “change password please” and “check bookmarks when you get account back.”

Mandiant, a leading threat intelligence firm, was acquired by Google in March 2022 for $5.4 billion. It is now part of Google Cloud.

“The Mandiant Twitter account takeover could have happened [in] a number of ways,” Rachel Tobac, CEO of SocialProof Security, said on X.

“Some folks are giving the advice to turn on MFA to prevent ATO and of course that is a good idea always *but it’s also possible that someone in Support at Twitter was bribed or compromised which allowed the attacker access to Mandiant’s account*.”

The Hacker News has reached out to Mandiant for further comments, and we will update the story once we hear back.