TL;DR:
Mandiant’s X (formerly Twitter) account was compromised, likely through a brute-force password attack. The attackers took control of the account and used it to distribute links to a phishing page hosting a cryptocurrency drainer known as CLINKSINK. Multiple threat actors have leveraged CLINKSINK to siphon funds and tokens from Solana cryptocurrency users, resulting in illicit profits of at least $900,000. The attack chain relied on social media and chat applications to distribute cryptocurrency-themed phishing pages. Mandiant predicts that financially motivated threat actors will continue to conduct drainer operations because of the increased value of cryptocurrencies and the low barrier to entry for such attacks.
Key points:
- The compromise of Mandiant’s X account was likely the result of a brute-force password attack.
- The attack enabled the threat actor to take control of the account and distribute links to a phishing page hosting a cryptocurrency drainer known as CLINKSINK.
- Mandiant believes that multiple threat actors have used CLINKSINK to siphon funds and tokens from Solana cryptocurrency users.
- The attack involved the use of social media and chat applications to distribute cryptocurrency-themed phishing pages.
- CLINKSINK is designed to open a pathway to targeted wallets, check their current balance, and ultimately steal funds by tricking victims into signing a fraudulent transaction.
- Mandiant anticipates that financially motivated threat actors will continue to conduct drainer operations due to the increased value of cryptocurrencies and the low barrier to entry for such attacks.
Source: The Hacker News