Mandiant: X Account Hacked in Brute-Force Attack Linked to ClinkSink Campaign

Mandiant's X account was compromised on January 3, 2024 via a brute-force attack and used to post links to a Solana-targeting phishing/drainer service called "ClinkSink" (a Drainer-as-a-Service). Mandiant regained control quickly and reported no broader compromise of its systems, while investigators linked the activity to a larger campaign that has siphoned hundreds of thousands of dollars in Solana assets and highlights the risks of weak passwords and the availability of turnkey phishing/drainer kits.