Sunday, February 9, 2025

New Phishing Attack Hijacks High-Profile X Accounts to Promote Scam Sites


A new wave of phishing attacks has been identified, targeting high-profile accounts on the social media platform X (formerly Twitter).

This campaign, analyzed by SentinelLABS, aims to hijack accounts belonging to prominent individuals and organizations, including U.S. political figures, international journalists, employees of X, and cryptocurrency entities.

The compromised accounts are then exploited to promote fraudulent cryptocurrency schemes, amplifying the attackers’ reach and financial gains.

The campaign employs a variety of phishing techniques to deceive users into revealing their credentials.

Common lures include fake account login notifications and copyright violation alerts.

Figure: X fake copyright infringement page

These messages contain links that send victims to phishing pages built to harvest X login credentials.

Notably, some of the links point at Google's AMP Cache (the cdn.ampproject.org domain) rather than at the phishing site directly. Because the first hop is a trusted Google-owned domain, reputation-based email filters are less likely to flag the message, and the cache then forwards the victim on to the attacker-controlled page.
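The check a defender wants here is to unwrap the trusted first hop and look at where the link actually lands. The following is an added example, not code from the article or from SentinelLABS: it unwraps the two public Google AMP URL shapes (`<host-with-dashes>.cdn.ampproject.org/c/s/<host>/<path>` and `www.google.com/amp/s/<host>/<path>`), accepts defanged indicators written with `[.]` and `hxxp`, and flags destinations that are not x.com or twitter.com but use an "x" label in their domain name. The sample URLs are constructed from the defanged domains named in the article; the allowlist and the lookalike heuristic are assumptions for illustration, not a production classifier.

```python
"""Unwrap Google AMP cache / AMP viewer links and classify the real destination.

Added example (not from the article or the SentinelLABS report). Assumed:
- only the two public AMP URL shapes are handled;
- LEGIT_X_HOSTS and the lookalike regex are illustrative, not a vetted allowlist;
- sample URLs below are constructed from the article's defanged domains.
"""
import re
from urllib.parse import urlsplit, unquote

# Hosts that legitimately belong to X; any other host presenting an X login is suspect.
LEGIT_X_HOSTS = {"x.com", "twitter.com"}

# Domain label that impersonates X: a standalone "x" label, e.g. "x-recoverysupport" or "securelogins-x".
X_LOOKALIKE = re.compile(r"(^|-)x(-|$)")


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxps://evil[.]com) back into a parseable URL."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def unwrap_amp(url: str) -> tuple[str, bool]:
    """Return (final_url, was_amp_wrapped) for a possibly AMP-cached link."""
    url = refang(url)
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""
    path = parts.path

    # Shape 1: https://<pub-host-with-dashes>.cdn.ampproject.org/c/s/<real-host>/<path>
    # ("c" = cached document, "v" = viewer; the "s/" segment means the origin is https)
    if host.endswith(".cdn.ampproject.org"):
        m = re.match(r"^/(?:c|v)/(s/)?(.+)$", path)
        if m:
            scheme = "https" if m.group(1) else "http"
            return f"{scheme}://{unquote(m.group(2))}", True

    # Shape 2: https://www.google.com/amp/s/<real-host>/<path>
    if host in ("www.google.com", "google.com") and path.startswith("/amp/"):
        rest = path[len("/amp/"):]
        if rest.startswith("s/"):
            return "https://" + unquote(rest[2:]), True
        return "http://" + unquote(rest), True

    return url, False


def classify(url: str) -> dict:
    """Unwrap the link and report whether the real host is X, an X lookalike, and AMP-wrapped."""
    final_url, wrapped = unwrap_amp(url)
    host = urlsplit(final_url).hostname or ""
    # Naive registrable domain (last two labels); a real tool would use the Public Suffix List.
    base = ".".join(host.split(".")[-2:])
    legit = base in LEGIT_X_HOSTS
    lookalike = (not legit) and bool(X_LOOKALIKE.search(base.split(".")[0]))
    return {
        "input": url,
        "final_url": final_url,
        "host": host,
        "legit": legit,
        "x_lookalike": lookalike,
        "amp_wrapped": wrapped,
    }


if __name__ == "__main__":
    # Constructed samples using the article's defanged domains plus one legitimate X URL.
    samples = [
        "https://www.google.com/amp/s/securelogins-x[.]com/account/verify",
        "https://x-recoverysupport-com.cdn.ampproject.org/c/s/x-recoverysupport[.]com/login",
        "hxxps://securelogins-x[.]com/copyright",
        "https://x.com/i/flow/login",
    ]
    for s in samples:
        r = classify(s)
        verdict = "OK" if r["legit"] else ("SUSPECT" if r["x_lookalike"] else "unknown")
        print(f"{verdict:8} amp={r['amp_wrapped']!s:5} -> {r['final_url']}")
```

Run against a list of URLs pulled from mail logs or a proxy, the interesting rows are the ones where `amp_wrapped` is true and the unwrapped host is not on the allowlist: the trusted first hop is exactly what let the message through.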

Once an account is compromised, the legitimate owner is locked out, and the account is used to post scam content or links targeting additional victims.

Infrastructure and Techniques Reveal Adaptability

The infrastructure supporting this campaign demonstrates significant flexibility and adaptability.

Domains such as “securelogins-x[.]com” and “x-recoverysupport[.]com” have been identified as hosting phishing pages, while email delivery is facilitated through related domains.

Much of the activity traces back to an IP address associated with a Belize-based VPS service provider, with domain registrations linked to a Turkish hosting provider.

These findings indicate a loosely organized yet effective operational model.

Interestingly, some phishing sites run on FASTPANEL, a legitimate, free server control panel that lets an operator stand up a web host with a few clicks.

FASTPANEL is not malicious in itself, but that same low-effort deployment is what makes it attractive to criminals who need to bring up phishing pages quickly and replace them when they are taken down.

Domains like “buy-tanai[.]com” serve as placeholders for future attacks, with content that can be quickly updated to align with ongoing schemes.

Historical Connections

The campaign’s scope extends beyond X accounts, with similar tactics observed on other platforms like Telegram.

Recent incidents include the compromise of the Tor Project’s official X account and DAWN’s social media presence.

These breaches were used to lure victims into phishing traps targeting cryptocurrency enthusiasts.

Additionally, historical analysis reveals connections to past attacks on high-profile accounts, such as the 2024 compromise of Linus Tech Tips’ X account.

The attackers’ financial motives are evident in their promotion of fraudulent cryptocurrency projects.

For instance, domains like “buy-tanai[.]com” have been linked to pump-and-dump schemes involving tokens like TANA AI.

Figure: FASTPANEL landing page on buy-tanai[.]com

These scams exploit the volatile nature of cryptocurrency markets to generate quick profits at the expense of unsuspecting investors.

To protect against such threats, users are advised to enable two-factor authentication (2FA), use a unique password for X, and avoid interacting with unsolicited links. Note that a phishing page that captures the password can also prompt for and relay an SMS or authenticator code in real time, so a hardware security key or passkey offers the strongest protection against this class of attack.

Verifying where a link actually leads before clicking, and initiating any password reset or account review directly through the official platform rather than through a link in a message, further reduces the risk.

Organizations should also invest in advanced threat detection systems to identify and mitigate phishing attempts proactively.

According to the SentinelLABS Report, this campaign underscores the evolving tactics of cybercriminals in leveraging social media platforms for financial exploitation.

As attackers continue to refine their methods, vigilance remains critical in safeguarding digital identities and assets from compromise.

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
