Mandiant regains control of X/Twitter account

The X/Twitter account of Google’s Mandiant cybersecurity service has been taken over by a hacker who is seemingly promoting a cryptocurrency scam.

The incident happened very early Wednesday morning, Eastern time. As of Wednesday afternoon, the account called Mandiant was still run by an operator called ‘Phantom.’ Messages posted refer to “token prices” and include a link to an app.

“We’re looking into it,” Mark Karayan, Mandiant’s media communications lead for threat intelligence, told IT World Canada. “It’s definitely been taken over … We’re working to get it resolved.”

Karayan couldn’t say how the incident happened.

UPDATE: On Thursday morning Mandiant said it has regained control over the account and is currently working on restoring content.

Google acquired Mandiant in 2022 for US$5.4 billion. Mandiant had been owned by FireEye, but was spun off after the parent company admitted in February 2021 that a threat actor had compromised the firm and made off with FireEye cybersecurity tools.

Google has been one of the leading IT suppliers pushing organizations around the world to adopt multifactor authentication (MFA) as an extra step to protect logins not only to its services, but also for any network-linked service. Google staff have had to use MFA for years. Since 2017, all Google employees were forced to adopt Google’s Titan key-based MFA to ensure staff aren’t victims of phishing attacks in which a victim is directed to a fake login site where their username and password can be copied.

It isn’t known if staff who had access to the Mandiant X/Twitter had to use security keys, which are USB sticks that have to be physically plugged into a computer to provide an extra login factor for access.

Still, experts note that, unless MFA systems are set up properly, hackers may be able to get around them by convincing IT support staff to reset passwords. If done through a man-in-the-middle attack, a hacker can get hold of a user’s session cookie to take over access.

RELATED CONTENT: Use these phishing-resistant authenticators

Perhaps by coincidence, the takeover of the Mandiant account this week comes with the revelation that the X/Twitter account of a Canadian senator was temporarily captured by a hacker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs