Enlarge (credit: ALAIN JOCARD / Contributor | AFP )

There's currently a surge in cryptocurrency and phishing scams proliferating on X (formerly Twitter)—hiding under the guise of gold and gray checkmarks intended to mark "Verified Organizations," reports have warned this week.

These scams seem to mostly commandeer dormant X accounts purchased online through dark web marketplaces, according to a whitepaper released by the digital threat monitoring platform CloudSEK. But the scams have also targeted high-profile X users who claim that they had enhanced security measures in place to protect against these hacks.

This suggests that X scammers are growing more sophisticated at a time when X has launched an effort to sell even more gold checks at lower prices through a basic tier announced this week.

Enlarge

Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Twitter) on Wednesday after an unknown scammer hijacked it and used it to spread a link that attempted to steal cryptocurrency from people who clicked on it.

“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” company officials wrote in a statement. “We've since regained control over the account and are currently working on restoring it.” The statement didn’t answer questions asking if the company had determined how the account was compromised.

The hacked Mandiant account was initially used to masquerade as one belonging to Phantom, a company that offers a wallet for storing cryptocurrency. Posts on X encouraged people to visit a malicious website to see if their wallet was one of 250,000 that were eligible for an award of tokens. Over several hours, X employees played tug-of-war with the unknown scammer, with scam posts being removed only to reappear, according to people who followed the events.

Enlarge (credit: Getty Images)

Threat actors connected to the North Korean government have been targeting security researchers in a hacking campaign that uses new techniques and malware in hopes of gaining a foothold inside the companies the targets work for, researchers said.

Researchers from security firm Mandiant said on Thursday that they first spotted the campaign last June while tracking a phishing campaign targeting a US-based customer in the technology industry. The hackers in this campaign attempted to infect targets with three new malware families, dubbed by Mandiant as Touchmove, Sideshow, and Touchshift. The hackers in these attacks also demonstrated new capabilities to counter endpoint detection tools while operating inside targets’ cloud environments.

“Mandiant suspects UNC2970 specifically targeted security researchers in this operation,” Mandiant researchers wrote.