Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack
Twitter has offered further explanation of the celebrity account hijack that saw 130 users' timelines polluted with a Bitcoin scam.
"The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack," says a July 30 update to Twitter's incident report.
"A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools," Twitter's security folk explain.
"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes."
Twitter has not explained what it means by "phone spear phishing." SMS is a known phishing vector, and a link sent as a text that induced Twitter staff to use their credentials is not hard to imagine.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/31/twitter_spear_phishing/