Twitter hackers target journalists and celebrities

Several high-profile social media accounts, predominantly of journalists, have been hacked. The takeovers represent an even more sinister turn in the world of account hijacking, showing the iceberg below the surface when it comes to breaching accounts.
The campaign is ongoing, and the most recent victims include James Rosen, former Fox News correspondent, and Clyde Haberman, former New York Times columnist. We advise social network users to be on the alert for malicious Direct Messages (DMs).
The attackers use DMs to spread different campaigns by sending phishing links from one breached account to the next target account, socially engineering the victim with language like “please read this important news.” The link redirects to a fake Twitter login page.
Using DMs to spread malicious content is nothing new, and there have been countless instances of hackers messaging the customers of a breached brand account with phishing links or malware exploits. This is often the worst-case scenario for a business: the success rate is very high, it decimates customers’ confidence in the organization’s security, and it drastically reduces customer engagement.
Social media exploitation goes far beyond cyber vandals brute forcing passwords; it spans breached third-party applications, malicious social engineering accounts, impersonations of brands and people, spear-phishing, targeted malware campaigns, data leakage, fraud, scams and much more. Businesses and governments must protect both themselves and their employees, who, as spokespeople, often represent the business online.
Mariah Carey, the five-time Grammy-winning recording artist, also fell victim to these attacks on December 31, 2019. Her official Twitter account was then used to propagate offensive messages. In the Mariah Carey Twitter account hack, those messages were primarily aimed at Eminem. Everything from posts purporting to come from Mariah Carey herself and stating that “Eminem has a little penis,” through to some so offensive, were published before control over the account was reclaimed. Twitter soon got on top of the attack, locking the account down and deleting the offensive postings. Unfortunately, those postings had been “liked” and retweeted thousands of times before Twitter regained control.
The official Twitter account of the Uncut Gems actor, Adam Sandler, was hacked during the afternoon of January 2, 2020. The account, which has 2.4 million followers, soon became the latest to spew out offensive, often racist, messages from the Chuckling Squad hackers. Referencing the December 31 hack, one stated that “I just had phone sex with Mariah Carey,” while others attacked President Trump and retweeted racist postings about former President Obama. Once again, Twitter acted quickly to regain control of the account and delete the offensive postings.
ZeroFOX recommends that all social media users keep an eye out for suspicious DMs. Always verify that a message is genuine by contacting the sender on a different channel, ideally one that uses a different login or verification method, in case the attackers have breached multiple accounts. Members of the media ought to be vigilant around this campaign.