Phone vishing attack used to hack twitter employees that caused the Bitcoin scam

An update on recent attacks on Twitter has been released. During these attacks, detected on July 15, threat actors managed to compromise some social media accounts using high-profile accounts.  

The social media mentions that the attack was made possible by some employees being attacked using spear phishing campaigns. Employees reportedly received phone calls purportedly from other Twitter staff members, allowing threat actors to obtain login credentials to access the company’s networks.

Although at the time Twitter acknowledged that its internal tools were compromised, no further details have been added: “The attack was based on an attempt to deceive hundreds of employees into gaining access to our internal systems,” the security alert says.

In total, 130 accounts were compromised, of which 45 were used to post tweets. In addition, direct messages from 36 accounts were manipulated by hackers.

“By obtaining employee credentials, attackers were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts: hackers tweeted from 45 accounts, accessed 36 inbox and downloaded data from 7 accounts.” 

In response to the incident, Twitter restricted some features and blocked some of the compromised accounts. The social network added that access to its internal tools is also limited, at least until the threat is considered fully mitigated.

During the attack, hackers used important accounts to tweet about a Bitcoin scam. Affected users include former U.S. President Barak Obama, politician Joe Biden, businessman Elon Musk, Bill Gates, among other famous individuals. The incident was so relevant that even Federal Bureau of Investigation (FBI) is collaborating with the social network. At the moment it is unknown how many users fell into the trap, although this could be revealed when analyzing the cryptocurrency addresses associated with the attack.