Twitter Disclosed Suspected State-Sponsored Attack (Dec 17, 2018)

The Twitter social media platform has confirmed that it was targeted by threat actors in an attack that resulted in unauthorized access to user data. Twitter stated that the attack took place on November 15, 2018, when the unknown actors exploited a vulnerability. The vulnerability allowed the actors to identify user account country codes, phone numbers, and whether the account was locked. Twitter suspects that a state-sponsored group is behind the attack, but provided no evidence for its claim besides IP address traffic from China and Saudi Arabia. Twitter stated that it fixed the bug on November 16, 2018. At the time of this writing, the purpose or motivation behind this attack is unknown.

Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.