In the most recent wave of cyber threats, the official X accounts (formerly known as Twitter) of technology giant Netgear and Hyundai MEA (Middle East & Africa) have fallen victim to hackers orchestrating scams to disseminate cryptocurrency wallet drainer malware.
These compromised Twitter accounts of Netgear and Hyundai MEA, collectively boasting over 160,000 followers, were manipulated to spread deceptive content crafted to infect unsuspecting victims.
In Detail: Netgear and Hyundai MEA Twitter Account Hacked
While Hyundai MEA has successfully regained control of its Twitter account and removed any links leading users to malicious websites, Netgear is still in the process of recovering, leaving some of the attackers’ tweets untouched.
In an attempt to lend credibility to their malicious activities, the attackers rebranded Hyundai MEA’s account to impersonate Overworld, a cross-platform multiplayer RPG. Overworld, supported by Binance Labs, the venture capital and incubator arm of the Binance cryptocurrency exchange, is often a target for impersonation in similar scams.
To counter this, Overworld routinely advises its Twitter followers to exercise caution and only click on links from the official @OverworldPlay account.
Netgear’s compromised account, under hacker control since at least January 6th, was utilized to respond to tweets from BRCapp, a tactic aimed at enticing followers to a malicious website promising substantial rewards for the first 1,000 newly registered users. Tragically, individuals who connected their wallets to the site fell victim to asset and NFT theft by the threat actors.
Despite attempts by the Cyber Express Team to contact Netgear and Hyundai officials, no response had been received at the time of compiling this report.
Why Verified Accounts Are Targeted
This incident highlights a concerning and escalating trend where hackers strategically target verified government and business Twitter accounts, easily recognizable by the prestigious ‘gold’ and ‘grey’ checkmarks, to lend an aura of legitimacy to their malicious endeavors.
Unfortunately, these compromised Twitter accounts have become conduits for the dissemination of a variety of cyber threats, ranging from cryptocurrency scams and phishing schemes to crypto drainers.
The sophistication of these Twitter cyberattacks is particularly evident in the recent compromise of the Twitter account belonging to CertiK, a prominent web3 security firm. This data breach occurred last Friday and had severe consequences, as it facilitated the distribution of a crypto drainer along with a link redirecting users to a malicious website.
The incident serves as a reminder of the evolving tactics employed by hackers to exploit reputable entities for their malicious purposes.
Furthermore, the unsettling trend extends to even well-secured accounts, as seen in the hijacking of the Twitter account belonging to Mandiant, a cybersecurity firm and subsidiary of Google. This breach occurred on Wednesday, despite the account having two-factor authentication (2FA) enabled, highlighting the audacity and evolving capabilities of cybercriminals.
The fact that companies in the cybersecurity sector, such as CertiK and Mandiant, are not immune to these sophisticated cyberattacks raises serious concerns about the overall vulnerability of online platforms.
It emphasizes the pressing need for heightened security measures, continuous monitoring, and proactive responses to mitigate the risks associated with the growing threat landscape on social media.
As these Twitter account hacked incidents become more frequent and intricate, there is an urgent call for both individual users and organizations to remain vigilant, adopt robust cybersecurity practices, and collaborate with platform providers to enhance the overall resilience against these pervasive cyber threats.
The battle against cybercriminals requires a collective effort and a proactive approach to stay one step ahead in the ever-evolving landscape of online security.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
