Mandiant regains control of X/Twitter account

The X/Twitter account of Google’s Mandiant cybersecurity service has been taken over by a hacker who is seemingly promoting a cryptocurrency scam.

The incident happened very early Wednesday morning, Eastern time. As of Wednesday afternoon, the account called Mandiant was still run by an operator called ‘Phantom.’ Messages posted refer to “token prices” and include a link to an app.

“We’re looking into it,” Mark Karayan, Mandiant’s media communications lead for threat intelligence, told IT World Canada. “It’s definitely been taken over … We’re working to get it resolved.”

Karayan couldn’t say how the incident happened.

UPDATE: On Thursday morning Mandiant said it has regained control over the account and is currently working on restoring content.

Google acquired Mandiant in 2022 for US$5.4 billion. Mandiant had been owned by FireEye, but was spun off after the parent company admitted in February 2021 that a threat actor had compromised the firm and made off with FireEye cybersecurity tools.

Google has been one of the leading IT suppliers pushing organizations around the world to adopt multifactor authentication (MFA) as an extra step to protect logins not only to its services, but also for any network-linked service. Google staff have had to use MFA for years. Since 2017, all Google employees were forced to adopt Google’s Titan key-based MFA to ensure staff aren’t victims of phishing attacks in which a victim is directed to a fake login site where their username and password can be copied.

It isn’t known if staff who had access to the Mandiant X/Twitter had to use security keys, which are USB sticks that have to be physically plugged into a computer to provide an extra login factor for access.

Still, experts note that, unless MFA systems are set up properly, hackers may be able to get around them by convincing IT support staff to reset passwords. If done through a man-in-the-middle attack, a hacker can get hold of a user’s session cookie to take over access.

RELATED CONTENT: Use these phishing-resistant authenticators

Perhaps by coincidence, the takeover of the Mandiant account this week comes with the revelation that the X/Twitter account of a Canadian senator was temporarily captured by a hacker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now