

Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs
January 5, 2024
Rewterz Threat Alert – Lazarus aka Hidden Cobra APT Group – Active IOCs
January 6, 2024
Severity
High
Analysis Summary
Threat actors are increasingly targeting verified accounts on X, the platform formerly known as Twitter. Accounts carrying the gold and grey checkmarks belong to businesses and government entities respectively, which makes them especially attractive to cybercriminals: once hijacked, a verified account is used to promote cryptocurrency scams, phishing sites and wallet-draining schemes under a trusted name.

A notable incident involved the X account of Mandiant, the Google-owned threat intelligence company, which was hijacked and used to distribute a fake airdrop that drained victims' cryptocurrency wallets. The incident is striking because Mandiant reportedly had two-factor authentication enabled on the account. Two-factor authentication raises the bar for attackers, but it does not by itself stop takeovers that rely on stolen session cookies, SIM swapping of SMS-based codes, or phishing of one-time codes; the technique used in this case was not disclosed.
Researchers monitoring this activity on X have reported several compromised gold and grey accounts. Affected profiles include Canadian senator Amina Gerba, the nonprofit consortium The Green Grid, and Brazilian politician Ubiratan Sanderson.
X's verification system uses coloured badges to distinguish account types: a gold checkmark marks an official organisation or company, and a grey badge marks a government organisation or official entity. Because these badges are granted only after eligibility checks, they carry trust, and content posted from a verified account is generally treated as more reliable than content from an unverified one.
That trust is now being exploited, and gold and grey badge accounts have become both targets and commodities in a growing black market. A recent report documents a marketplace where compromised gold and grey X accounts sell for between $1,200 and $2,000 each.
X's verification and paid subscription system was intended to make impersonation and scams more costly and difficult, but it is falling short in protecting these high-profile accounts. As long as cybercriminals can monetise the trust attached to verified badges, stronger account-protection measures are needed to safeguard the integrity of the platform and the users who rely on it.
Impact
- Sensitive Information Theft
- Financial Loss
Remediation
- Treat unsolicited messages from unknown senders with suspicion, and never click links or open attachments they contain.
- Treat unexpected airdrop, giveaway or wallet-connection prompts as suspicious even when they come from a verified account; a badge confirms who registered the account, not who currently controls it.
- Enforce general security policies, including strong unique passwords, correct configurations and sound administration practices for shared or corporate social media accounts.
- Enable multifactor authentication (MFA), preferring phishing-resistant methods such as hardware security keys or authenticator apps over SMS codes, which can be captured through SIM swapping.
- Periodically review the active sessions and authorised third-party applications on high-value accounts, and revoke anything unrecognised, since stolen session tokens and over-privileged apps allow access without the password or MFA code.
- Enable conditional access policies to block attacks that use stolen credentials.
- Enable antivirus and anti-malware software and update signature definitions promptly; multi-layered protection is necessary to secure vulnerable assets.