A recent phishing campaign targeting high-profile X accounts has raised concerns about the security of online accounts and the potential for fraudulent activity. The campaign, discovered by SentinelLabs, has affected a range of individuals and organizations, including US political figures, international journalists, a platform employee, major technology firms, cryptocurrency organizations, and owners of valuable short usernames.
The tactics used in this campaign involve sending fake login notifications via email and directing targets to credential phishing sites. Attackers have also utilized copyright violation warnings to deceive users and prompt them to enter their X account credentials on phishing websites. By gaining access to these accounts, attackers are able to promote fraudulent cryptocurrency schemes or redirect users to external sites designed to deceive additional victims.
The phishing infrastructure used in this campaign includes multiple domains, such as securelogins-x[.]com and x-recoverysupport[.]com, which have been linked to an IP address associated with a Belize-based VPS provider. The attackers have also made use of FASTPANEL, a website management service that is frequently abused by cybercriminals due to its ease of use and low cost. Despite efforts to shut down these malicious sites, many of them remain operational, indicating the attackers’ ability to sustain long-term phishing efforts.
Recent incidents suggest that the campaign may be expanding its targets, with high-profile accounts like the Tor Project and social media accounts tied to the Decentralized Autonomous Wireless Network (DAWN) being compromised. These incidents are consistent with the phishing tactics employed in the campaign, which also has ties to crypto-themed scams like buy-tanai[.]com.
To protect against such threats, users are advised to use strong, unique passwords for their X accounts, enable two-factor authentication (2FA), avoid clicking on links in unsolicited messages, verify URLs before entering credentials, and initiate password resets directly through official websites. SentinelLabs continues to monitor the situation and encourages anyone who encounters suspicious activity to report it promptly.
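The "verify URLs before entering credentials" advice can be automated for inbound mail. The following is an added example, not code from SentinelLabs or X: it flags links whose host embeds the brand as a separate word (as securelogins-x[.]com and x-recoverysupport[.]com do) without belonging to an official domain. The official-domain list, the token list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the registrable domains X serves login pages from.
OFFICIAL_DOMAINS = {"x.com", "twitter.com"}
# Assumption: brand words a lookalike host embeds as a separate token.
BRAND_TOKENS = {"x", "twitter"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(text):
    """Undo the common defanging used in threat reports."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def classify_link(url):
    """Return 'official', 'suspicious' or 'other' for one URL."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "other"
    # user@host URLs show a trusted name before '@' but connect to host.
    if parts.username is not None:
        return "suspicious"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Split on dots and hyphens so 'x' only matches as a whole word.
    tokens = set(re.split(r"[.-]", host))
    return "suspicious" if tokens & BRAND_TOKENS else "other"


def suspicious_links(message):
    """Extract URLs from an email body and keep the suspicious ones."""
    return [u for u in URL_RE.findall(refang(message))
            if classify_link(u) == "suspicious"]


# Constructed sample email body; the domains are the defanged ones named above.
SAMPLE = """We noticed a new login to your account.
Review it: https://securelogins-x[.]com/session
Appeal the copyright notice: https://x-recoverysupport[.]com/appeal
Official help: https://help.x.com/en
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("flag:", link)
```

A token match only catches hosts that spell the brand out; a scam domain such as buy-tanai[.]com is classified as "other" and needs a separate blocklist or reputation check.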
By remaining vigilant and taking proactive security measures, individuals and organizations can avoid falling victim to phishing attacks and protect their online accounts from unauthorized access.