Connect with us

Hi, what are you looking for?



Hacked Mandiant X Account Abused for Cryptocurrency Theft

Mandiant’s account on X, formerly Twitter, was hacked and used to lure users to a cryptocurrency phishing site.

Mandiant’s account on the social media platform X, formerly Twitter, was hacked on Wednesday and abused to lure users to a website designed to steal cryptocurrency from victims. 

The account of Mandiant, which is part of Google Cloud, was renamed to ‘Phantom’ and its profile image and description were updated to appear affiliated with the legitimate Phantom cryptocurrency wallet.

Messages posted on the hijacked account promoted a website hosted at, which claimed to distribute cryptocurrency tokens through an airdrop. In reality, the site is designed to steal users’ cryptocurrency. 

The hacked account was later used to troll the cybersecurity firm, telling it to change its password.

Mandiant immediately took action to recover the account, but the hacker regained control at one point during the recovery process. 

Researchers at MalwareHunterTeam, who have been monitoring the incident, noted that it did not take Mandiant long to recover the account, considering that it has taken some X users days or even more to regain complete control of their account following a hacker attack.

While the hacker posted a message urging Mandiant to change its password, in many cases social media account hijacking involves abusing a third-party service rather than a direct attack on the account. 

SecurityWeek has reached out to Mandiant for more information and will update this article if the company provides additional details.  

Major web browsers currently flag the domain promoted by the hacker as a potential phishing site. 

Advertisement. Scroll to continue reading.

This incident occurred just as cybersecurity company CloudSEK published a report on X Gold accounts being sold on the dark web, in some cases for thousands of dollars. These accounts can be highly useful for phishing, disinformation and other types of campaigns.

Update: Mandiant told SecurityWeek that it’s investigating the incident.

“We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation. We’ve since regained control and the account has been restored,” said a Mandiant spokesperson.

Related: Ukraine Cracks Down on Group Selling Hacked Accounts to Pro-Russia Propagandists

Related: Targeted Links Used to Steal Tens of Millions in Global Scam Campaign

Related: Indian PM’s Twitter Hacked Again by Crypto Scammers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.