Welcome to our latest cybersecurity news roundup, where we bring you a succinct overview of recent developments in the digital security landscape. In this edition, we take a look at a Nigerian hacker, the Mandiant crypto scam, and the Gallery Systems outage.
Join us as we unravel the intricacies of these cybersecurity incidents impacting diverse sectors.
These stories made headlines in cybersecurity circles this week.
The Twitter account of Mandiant, an American cybersecurity firm, and a Google subsidiary, fell victim to a hijacking earlier today, during which it was manipulated to impersonate the Phantom crypto wallet and disseminate a cryptocurrency scam.
A spokesperson from Mandiant informed BleepingComputer about the incident, stating:
"We are aware of the incident impacting the Mandiant X account and are working to resolve the issue."
Following the takeover, the attacker rebranded the account as '@phantomsolw' and endorsed a fraudulent website posing as the Phantom crypto wallet. This deceptive site falsely promised the distribution of free $PHNTM tokens through an airdrop.
Individuals clicking the 'Claim Airdrop' button without the Phantom wallet installed would be redirected to the legitimate site and prompted to install it. Once installed, the malicious website attempted to siphon funds from the victims' cryptocurrency wallets automatically. However, the Phantom Wallet now issues a warning, identifying the scam website as part of a phishing attack.
The threat actor responsible for the attack deleted the fraudulent tweet and shifted the focus to trolling Mandiant.
The attacker also retweeted posts from the official Phantom account, including advisories urging users to "never rush into clicking links," presumably to enhance the credibility of future cryptocurrency scam posts.
Mandiant's original Twitter handle, '@mandiant,' currently displays an error message stating, "This account doesn't exist. Try searching for another."
As of 1/3/24 at 9:49 ET, Mandiant informed BleepingComputer that they have regained control of the account on X and are actively working on restoring it. However, the username remains '@phantomsolw' at the time of this update, likely due to Twitter's restrictions on frequent name changes.
Law enforcement authorities in Ghana arrested Olusegun Samson Adejorin, a Nigerian national, on December 29. Adejorin faces charges linked to a sophisticated business email compromise (BEC) operation that inflicted substantial financial losses on charitable organizations in the United States, totaling over $7.5 million.
The apprehension follows an eight-count federal grand jury indictment in the U.S., outlining charges of wire fraud, aggravated identity theft, and unauthorized access to a protected computer. The fraudulent activities targeted two charitable organizations based in Maryland and New York.
The elaborate fraud scheme orchestrated by Adejorin transpired between June and August 2020. It involved unauthorized access to email accounts and the impersonation of employees associated with the targeted organizations. Acting under the guise of an employee from one charity, Adejorin manipulated another charity organization to authorize substantial fund withdrawals.
To execute withdrawals exceeding $10,000, Adejorin employed stolen credentials to send convincing emails posing as legitimate employees responsible for transaction approvals. The scheme also included Adejorin's acquisition of a credential harvesting tool designed to pilfer email login credentials, the registration of spoofed domain names, and the strategic concealment of fraudulent emails within an inconspicuous location in an employee’s mailbox.
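The scheme described above relied on two things a mail administrator can look for: sender domains registered to look like a partner's real domain, and mailbox rules that quietly move or delete the messages the victim would otherwise notice. The following script is an added example written for this roundup, not code from the article, BleepingComputer or the DoJ; the trusted domains, sender addresses, inbox rules and the list of "hiding" folders are all constructed for illustration, and the homoglyph substitutions and edit-distance threshold are assumptions a defender would tune to their own environment.

```python
"""Defender-side checks for two BEC tactics: look-alike sender domains and
mailbox rules that hide messages. All sample data below is constructed."""
from dataclasses import dataclass

# Domains this organisation legitimately exchanges payment mail with (constructed).
TRUSTED_DOMAINS = sorted({"charity-a.example", "charity-b.example"})

# Folders attackers commonly divert mail into so the owner never sees it (assumption).
SUSPECT_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                   "deleted items", "junk email", "archive"}
PAYMENT_KEYWORDS = ("invoice", "payment", "wire", "transfer", "bank")

# Character swaps typical of look-alike registrations (assumption; extend as needed).
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                 ("3", "e"), ("5", "s"), ("-", "")]


def normalize(domain: str) -> str:
    """Fold common homoglyph tricks so 'exarnple' and 'example' compare equal."""
    d = domain.lower().strip()
    for src, dst in SUBSTITUTIONS:
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, row-by-row to keep memory small."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender_domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return the trusted domain a sender imitates, or None if it is exact or unrelated."""
    d = sender_domain.lower().strip()
    if d in trusted:
        return None                      # genuine partner mail, nothing to flag
    nd = normalize(d)
    best = min(trusted, key=lambda t: levenshtein(nd, normalize(t)))
    return best if levenshtein(nd, normalize(best)) <= max_distance else None


@dataclass
class InboxRule:
    name: str
    from_contains: str      # substring matched against the sender; "" = any sender
    subject_contains: str   # substring matched against the subject; "" = any subject
    move_to: str            # destination folder; "" = no move
    delete: bool = False


def suspicious_rules(rules):
    """Flag rules that hide mail and target payment traffic or partner domains."""
    findings = []
    for r in rules:
        hides = r.delete or r.move_to.lower() in SUSPECT_FOLDERS
        targets_payments = (
            any(k in r.subject_contains.lower() for k in PAYMENT_KEYWORDS)
            or any(t in r.from_contains.lower() for t in TRUSTED_DOMAINS)
        )
        catch_all = r.from_contains == "" and r.subject_contains == ""
        if hides and (targets_payments or catch_all):
            findings.append(r.name)
    return findings


def audit(senders, rules):
    """Run both checks and return the findings as plain data for a SIEM or report."""
    lookalikes = {}
    for addr in senders:
        hit = lookalike_of(addr.rsplit("@", 1)[-1])
        if hit:
            lookalikes[addr] = hit
    return {"lookalikes": lookalikes, "rules": suspicious_rules(rules)}


# Constructed sample input: two spoofed senders, one real partner, one unrelated domain.
SAMPLE_SENDERS = ["finance@charity-b.example", "finance@charity-b.exarnple",
                  "cfo@char1ty-a.example", "hr@unrelated.example"]
SAMPLE_RULES = [
    InboxRule("Newsletter cleanup", "news@vendor.example", "", "Newsletters"),
    InboxRule("Divert partner mail", "charity-b.example", "", "RSS Feeds"),
    InboxRule("Purge wire notices", "", "wire transfer", "", delete=True),
]

if __name__ == "__main__":
    print(audit(SAMPLE_SENDERS, SAMPLE_RULES))
```

The edit-distance threshold of 2 is deliberately loose and will produce false positives on short domains; in practice you would combine it with registration age or a first-seen check. Reviewing inbox rules on a schedule (or alerting when a new rule moves mail into one of the listed folders) is the cheaper of the two checks and catches the concealment step regardless of how the credentials were obtained.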
If convicted, Adejorin faces severe legal consequences, including a maximum penalty of 20 years for wire fraud, five years for unauthorized access to a protected computer, and a mandatory two-year sentence for aggravated identity theft. Additionally, the U.S. Department of Justice (DoJ) highlights the potential extension of the sentence by seven years for the malicious registration and use of a domain name.
Gallery Systems, a leading museum software solutions provider, has officially revealed that the current IT outages experienced by the company stem from a ransomware attack that occurred last week.
The formation of Gallery Systems in April 2022, through a merger with Artsystems—a globally recognized leader in gallery and collection management software—solidified its position as a prominent entity in the industry.
With an extensive client portfolio encompassing over 800 museums, Gallery Systems services renowned institutions, including:
The Museum of Modern Art (MoMA) in New York
The Metropolitan Museum of Art (Met)
The Chrysler Museum of Art
The Museum of Pop Culture (MoPOP) in Seattle
The Barnes Foundation
The Crystal Bridges Museum of American Art
The San Francisco Museum of Modern Art (SFMOMA)
According to a customer notification, Gallery Systems fell victim to a ransomware attack on December 28th. As a precautionary measure, the company took systems offline immediately to halt the encryption of additional devices, preventing further compromise.
Gallery Systems is actively engaged in addressing the aftermath of the ransomware attack, working towards restoring normalcy in its operations and ensuring the security of its clients' data.