Two-factor authentication didn't help: Mandiant completed an investigation into the hacking of its own X profile

How hackers managed to use the image of a well-known information security company for easy earnings.

On January 3, 2024, the account of the information security company Mandiant on Elon Musk's X platform was hacked and used to distribute phishing links to pages that steal cryptocurrency.

The hacked account was restored without damage to Mandiant or Google Cloud systems, but thousands of users fell for the attackers' bait.

The investigation revealed that the account was most likely compromised as a result of a password-guessing attack. "Two-factor authentication was supposed to prevent the hack, but due to changes in the team and in the 2FA policy on the X platform, we were not sufficiently protected. We have changed our two-factor authentication process to prevent similar incidents from happening again," Mandiant explained.

Since December 2023, attackers have been using malware called CLINKSINK to steal funds and tokens from Solana users. The malicious campaign includes the distribution of phishing pages on the X and Discord platforms disguised as legitimate cryptocurrency resources such as Bonk, DappRadar and Phantom.

CLINKSINK is not just malware, but a full-fledged Drainer-as-a-Service (DaaS) package that provides attackers with a ready-made drainer program for stealing cryptocurrency.

The researchers identified 35 different affiliate IDs and 42 Solana wallet addresses associated with this campaign. The analysis showed that operators and affiliates earned at least $900,000, with about 80% of the funds usually going to affiliates and the rest to operators.

During the attack, victims are asked to connect their cryptocurrency wallet ostensibly to receive free tokens, after which they sign fake transactions that allow attackers to steal all funds from this wallet.

During the investigation, Mandiant specialists found several DaaS offers using the CLINKSINK drainer or its variants, including "Chick Drainer" and "Rainbow Drainer".

Experts also noted attackers' sustained interest in cryptocurrencies and various related services, which may lead to an increase in the number of such attacks in the future.

At the end of their report, Mandiant experts published a YARA rule for identifying CLINKSINK activity, which can help other users protect their assets.

The growing popularity and value of cryptocurrencies, as well as a low entry threshold for attacks, make drainer operations attractive for financially motivated attackers. It is important to remain vigilant and use reliable methods of protection, so as not to fall into the trap of crypto scammers.
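The post says the account was most likely taken over by password guessing, the kind of activity that shows up in authentication logs before the takeover succeeds. As an added illustration (not part of the original post or of Mandiant's report), the following Python sketch runs a simple detection over a few constructed log lines: it flags an account that accumulates many failed logins from several source addresses inside a short window, and escalates the finding when a success from one of those same sources follows the failures. The log format, thresholds and sample addresses are all assumptions for the example, not any platform's real format.

```python
"""Detection sketch: flag password guessing against a single account in auth logs.

Added example, not code from the original post or from Mandiant. The log format
below (timestamp, outcome, user=..., src=...) is a constructed, simplified one.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: a spray of failures against one account from
# several sources, then a success from one of them, plus unrelated normal traffic.
SAMPLE_LOG = """\
2024-01-03T09:00:01Z FAIL user=corp_social src=203.0.113.10
2024-01-03T09:00:07Z FAIL user=corp_social src=203.0.113.11
2024-01-03T09:00:12Z FAIL user=corp_social src=198.51.100.5
2024-01-03T09:00:20Z OK   user=alice src=192.0.2.40
2024-01-03T09:00:31Z FAIL user=corp_social src=203.0.113.12
2024-01-03T09:00:44Z FAIL user=corp_social src=198.51.100.9
2024-01-03T09:01:02Z FAIL user=corp_social src=203.0.113.13
2024-01-03T09:01:15Z OK   user=corp_social src=198.51.100.9
2024-01-03T09:05:00Z FAIL user=bob src=192.0.2.41
2024-01-03T09:05:30Z OK   user=bob src=192.0.2.41
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, outcome, user_field, src_field = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": outcome == "OK",
        "user": user_field.split("=", 1)[1],
        "src": src_field.split("=", 1)[1],
    }


def find_password_guessing(log_text, window_minutes=10, fail_threshold=5, min_sources=3):
    """Return one finding per account that sees >= fail_threshold failed logins
    from >= min_sources distinct sources within window_minutes.

    A finding also records whether a successful login from one of the failing
    sources landed inside the same window, which is the signal that the
    guessing probably worked and the account should be treated as compromised.
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_user[event["user"]].append(event)

    window = timedelta(minutes=window_minutes)
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if not e["ok"]]
        for i, first in enumerate(fails):
            in_window = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["src"] for e in in_window}
            if len(in_window) < fail_threshold or len(sources) < min_sources:
                continue
            last_fail_ts = in_window[-1]["ts"]
            # A success after the spray, from a source that took part in it.
            success = next(
                (e for e in events
                 if e["ok"] and last_fail_ts <= e["ts"] <= first["ts"] + window
                 and e["src"] in sources),
                None,
            )
            findings.append({
                "user": user,
                "window_start": first["ts"].isoformat(),
                "failures": len(in_window),
                "sources": sorted(sources),
                "success_after_spray": success is not None,
                "success_src": success["src"] if success else None,
            })
            break  # one finding per account is enough for an alert
    return findings


if __name__ == "__main__":
    for finding in find_password_guessing(SAMPLE_LOG):
        severity = "LIKELY COMPROMISE" if finding["success_after_spray"] else "SPRAY"
        print(severity, finding)
```

On the sample data this yields a single finding for `corp_social` with six failures from six sources and a subsequent success from one of them, while `bob`'s single typo-then-success is ignored. In practice the thresholds would be tuned per platform, and the mitigation the post itself points to is enforcing 2FA so that a guessed password alone does not grant access.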