October 31, 2022

Elon Musk’s Twitter could become a haven for hackers

Advertising of stolen data could become more common on the platform if it takes a more relaxed approach to content.

By Claudia Glover

Ransomware gang Yanluowang has apparently joined Twitter, using its new account to announce it had breached the systems of messaging platform Matrix. Yanluowang is one of a number of cybercrime groups which have been active on Twitter in recent months, and the platform’s takeover by Elon Musk, who is promising a more laissez-faire approach to content moderation, could make it an even more appealing environment for criminals.

Cybercrime gangs use Twitter to advertise their digital wares. (Photo by Sattalat Phukkum/Shutterstock)

Yanluowang, which is known for targeting financial services companies with its malware, started tweeting yesterday and appears to be using its account to display data it lifts from its victims, the first of which is Matrix, the open messaging protocol used by 60 million people worldwide, which the gang claims it breached last week.  

The Twitter page shows numerous links in posts with descriptions such as “chiefs ‘coder’ and ‘saint’ chat,” and “master ‘stealer’ taskings”. There are a total of six links on the Twitter page providing apparent access to leaked data from the Matrix messaging platform. Tech Monitor has reached out to Matrix for comment. 

Ransomware gangs love Twitter

This is not the first time that ransomware gangs have used Twitter to advertise valuable stolen data. In August, two groups, Karakurt and BlackByte, created Twitter profiles for themselves in order to publicise their illicit merchandise. Both currently appear to be suspended, but Yanluowang’s page is up at the time of writing. Karakurt also set up a website on the open web to hawk its data to the highest bidder.

This technique is popular, despite being potentially short-lived and risky, because cybercrime gangs experimenting with data extortion need somewhere public with a large reach to advertise their stolen data, said Allan Liska, intelligence analyst at Recorded Future. “Not everybody has a Tor browser, so Karakurt has to have its data as accessible as possible if it’s going to be able to make any money,” Liska told Tech Monitor in August. “In other words, if your goal is extortion, you can’t make the data difficult to get to.”

Elon Musk’s Twitter could be appealing to hackers

Twitter is currently experiencing a period of upheaval following its acquisition by Elon Musk for $44bn. Tesla CEO Musk renamed himself Twitter’s “Chief Twit” after completing the takeover on Friday, which followed months of legal back and forth. During the very public wrangling which preceded the deal, Musk expressed his intention to make Twitter a platform where freedom of speech thrives, referring to himself as a “free speech absolutist”. Many believe this will lead to a change in the way the site moderates content, and in the days following Musk’s takeover, hate speech on the platform has reportedly spiked.


This could work to the advantage of hackers, who may be able to maintain accounts to promote their illegal activity. This is “absolutely” a possibility, says Jason Steer, CISO at cybersecurity vendor Recorded Future. He believes hackers will continue to exploit a variety of other platforms, such as Telegram, to promote their work and sell stolen data, but says: “[Twitter’s current issues] could be a change to their benefit.”
