SEC Says Sim Swapping Attack Caused X Account Hack

Written by Mitchell Langley

January 23, 2024

A SIM swapping attack is reportedly the cause of the SEC X account hack that resulted in a fake Bitcoin ETF approval post. The U.S. Securities and Exchange Commission has officially confirmed that its X account fell victim to a SIM-swapping attack, in which the attackers gained access to the account by taking over the cell phone number associated with it.

In a recent incident, the SEC’s X account was compromised and used to spread a false announcement claiming that the agency had approved Bitcoin ETFs for listing on securities exchanges.

However, it is worth noting that the SEC did, in fact, approve Bitcoin ETFs through a legitimate announcement the day after the fraudulent incident occurred.

Nevertheless, the method by which the account was initially compromised remained unclear. The SEC had previously said it would share updates on the investigation as they became available.

Today, the SEC has officially confirmed that the X account’s security breach was due to a SIM-swapping attack targeting the cell phone account linked to the compromised X account.

“Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,”

Press statement on the SEC SIM swapping attack.

What is a SIM Swapping Attack?

SIM-swapping attacks involve malicious actors deceiving a victim’s wireless carrier into transferring the victim’s phone number to a device controlled by the attacker.

A SIM swap gives the attacker all of the victim’s incoming texts and phone calls, including security-critical messages such as password reset links and one-time passcodes for multi-factor authentication (MFA).

As stated by the SEC, the hackers were unable to gain access to the agency’s internal systems, data, devices, or social media accounts.

The SEC SIM swapping attack was carried out by deceiving the mobile carrier into transferring the phone number associated with the SEC’s account to the attackers.

After gaining control of the phone number, the hackers reset the password for the @SECGov account, which allowed them to post the false announcement.

SEC is Collaborating with Law Enforcement to Probe the SEC X Account Hack

The SEC has emphasized that it is working with law enforcement, in conjunction with the mobile carrier, to thoroughly investigate how the SIM-swapping attack behind the SEC X account hack was carried out.

Additionally, the SEC has confirmed that multi-factor authentication was not enabled on the account: the agency had specifically asked X support to disable it because of difficulties it encountered while attempting to log into the account.

“Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account,”

the SEC said in a press statement.

MFA Via an Authentication App Could Have Prevented the SEC SIM Swapping Attack

Even if multi-factor authentication (MFA) had been enabled via SMS, the hackers would still have been able to compromise the account, because their control of the phone number let them intercept the one-time passcodes.

However, if MFA had been configured to use an authentication app, the threat actors would have been kept out of the account even after changing the password, because the app generates its codes on a device the attackers did not control.

Therefore, it is advisable to use MFA with a hardware security key or an authenticator app rather than relying solely on SMS, as these methods offer stronger protection against unauthorized access.

Throughout the past year, X has experienced ongoing challenges related to hacked accounts and the proliferation of malicious advertisements promoting cryptocurrency scams and fraudulent practices that target users’ wallets.
