Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam


The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address.

A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, were breached on Wednesday. 

The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address in exchange for a larger pay back. 

The official account for former vice president and US presidential candidate Joe Biden was also hacked. Hackers also breached the official account of former president Barack Obama.

Here are some of the breached accounts we have identified so far:

  • Bill Gates
  • Elon Musk
  • Jeff Bezos
  • Joe Biden
  • Barack Obama
  • Apple
  • Kanye West
  • Uber
  • CoinDesk
  • Binance
  • Bitcoin
  • Gemini

Twitter said in an official statement: “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.” As part of the company’s remediation efforts, verified accounts, used to promote the scam, have been blocked from tweeting.

Most of the hacked accounts have now been restored to their owners and the scam posts removed. However, the bitcoin address mentioned in most of the tweets racked up more than $100,000 from hundreds of transactions.

Some of the tweets promoting the scam also contained a link to a website, which has now been taken down.

Speculation on how the hack is being carried out is also rampant, with the most popular theories being that hackers have breached the account of a high-ranking Twitter employee and that they’ve found a zero-day and are using it to bypass the site’s authentication.

A similar crypto scheme was the basis of a targeted attack on YouTube accounts earlier this year. A hacker hijacked YouTube accounts, renamed them to various Microsoft brands, and used them to broadcast a cryptocurrency Ponzi scam to thousands of users, posing as a message from Bill Gates.

Elon Musk is also a frequent target of account takeovers and hackers pushing bitcoin giveaway scams.

Note: This story was first published on ZDNet, TechRepublic’s sibling ViacomCBS Digital website.

Ransomware accounts for a third of all cyberattacks against organizations


Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.

Organizations and their employees can fall victim to a variety of cyberattack methods, including phishing campaigns, viruses, spyware, and trojans. But one particularly problematic and pervasive type of attack is ransomware. A report released Wednesday by security provider Positive Technologies discusses the trends of ransomware attacks during the first quarter of 2020.

For its “Cybersecurity Threatscape Report for Q1 2020,” Positive Technologies found that more than a third (34%) of malware-based cyberattacks during the quarter were ransomware attacks. Among the most active were ones that used Sodinokibi, Maze, and DoppelPaymer.

Among different sectors, government agencies were the hardest hit by ransomware in the first quarter, accounting for 21% of all such attacks. Other industries heavily targeted by ransomware were science and education, healthcare, and industrial companies.

The first quarter of 2020 also saw a rise in ransomware attacks in which criminals demanded payment or else they would release the encrypted data to the public. In these cases, attackers even created their own websites where they publish the stolen information. Criminal groups that operate Maze, Sodinokibi, Nemty, DoppelPaymer, Nefilim, CLOP, and Sekhmet all now have their own sites.

Many ransomware attacks succeed because criminals are able to exploit known vulnerabilities and unpatched systems. As IT and security staffs have strived to support remote workforces, the resources required to secure and patch servers and systems have been strained. As one example cited by Positive Technologies, the British company Finastra was victimized by ransomware in March because it was still running unpatched and unsecure versions of Citrix ADC and the Pulse Secure VPN.

As a result of the coronavirus pandemic, some criminal groups promised not to attack hospitals and healthcare facilities with ransomware. But naturally, criminals can’t be trusted. In one example, the operators behind Maze said they would stop attacking healthcare institutions during the pandemic. However, after making that promise, they published data stolen from Hammersmith Medicines Research, a British company getting ready to test a COVID-19 vaccine.

At the start of 2020, a ransomware known as Snake surfaced. Particularly disruptive to industrial companies, Snake is able to delete shadow copies of data and stop processes related to the operation of industrial control systems. For example, Snake can halt the processes of such tools as GE Proficy and GE FANUC Licensing, Honeywell HMIWeb, FLEXNet Licensing Service, Sentinel HASP License Manager, and ThingWorx Industrial Connectivity Suite.

Seemingly used in targeted attacks, Snake leaves a note on the computer with the encrypted files telling the victim what to do. Using a contact email address of, the attackers may be referencing a campaign against oil company Bapco, which was hit by the Dustman malware in late 2019 as a way to delete data. Both Dustman and Snake popped up around the same time, both of them targeting industrial companies, according to Positive Technologies.

To protect your organization and employees against ransomware and other forms of malware, Positive Technologies offers a few words of advice.

“Web application firewalls (WAFs) can block potential attacks against web applications on the network perimeter, including attacks against remote access systems, such as Citrix Gateway,” the report said. “To prevent infection of computers of the employees with malware, we recommend checking e-mail attachments for malicious activity with sandboxes. We also recommend following the general recommendations for ensuring personal and corporate cybersecurity.”
