Twitter: hackers launched social engineering attacks on Twitter employees in the spam campaign
The well-known social networking site Twitter was recently hit by a large-scale cyber attack in which the official verified accounts of a large number of celebrities and politicians were hijacked and used to post fake phishing content.
An attack on this scale would usually be assumed to rely on a critical vulnerability, but the attack on Twitter did not stem from a critical security flaw.
Preliminary investigation results show that the attackers launched a social engineering attack against some Twitter employees with privileged access, and ultimately obtained internal administrative access.
Circulated screenshots show that Twitter has an internal control panel that can manage all accounts, including viewing whether an account is permanently suspended, temporarily suspended, or in protected status.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter explained five hours into the incident investigation.
“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
Twitter said that after discovering the attack it locked some accounts. Once the problem had been fully resolved, Twitter unlocked the affected celebrity accounts and restored their ability to tweet.
Twitter has only stated that it was the target of a coordinated social engineering attack; it has not disclosed the specific methods the attackers used to phish its employees.
According to a statement from the official Twitter account, the company is actively investigating whether other systems were also compromised.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
— Support (@Support) July 16, 2020
Via: bleepingcomputer