‘Yes, this is real’: hackers targeting high-profile X accounts blur fact and fiction

SentinelOne researchers report an active phishing campaign targeting high-profile X/Twitter accounts to hijack them and promote cryptocurrency scams. The attackers use credential-phishing emails and account lockouts to post fraudulent crypto links, and SentinelOne traced parts of the infrastructure to an IP tied to a Belize VPS provider (Dataclub) and malicious domains registered through a Turkish hosting provider (Turkticaret); the report urges unique passwords, multi-factor authentication, and caution with login-related emails and links.