Menu
Browse

Cyber Threat Actor: Wealth Squad Chris

Actor Type Location Known Incidents
 Icon
Sensationalist
Russia
1 incident
Profile

Wealth Squad Chris is an alias used by a threat actor whose known location, according to publicly available sources, is Russia. The actor came to attention in November 2021 when the Twitter account of Novant Health, a healthcare organization based in the United States, was compromised. During the incident the account’s handle was changed to ‘@cjjohnso17th’ and the display name was altered to “Wealth Squad Chris,” as reported by WWAY and confirmed by Novant Health. The hijacked account was subsequently suspended by Twitter, prompting the healthcare provider to shut down the account temporarily while it worked to regain control and address the impersonation. Novant Health confirmed the breach and initiated response measures to remediate the hijacking and mitigate any further impact.

The only publicly documented targeting associated with Wealth Squad Chris involves the healthcare sector, specifically the social media presence of a hospital system. No additional sectors, regions, or strategic objectives such as financial gain, espionage, or disruption have been explicitly stated in the available sources. The observed tactics consist of gaining unauthorized access to a Twitter account, altering the handle and profile information, and leveraging the compromised platform for impersonation; no malware families, specific tooling, or initial access vectors beyond credential compromise are described in the reporting. Attribution to a state sponsor, criminal consortium, or any broader affiliation has not been established in the material provided, and the actor’s ties remain limited to the geographic indicator of Russia and the alias used in the Novant Health incident. The Novant Health Twitter hijacking stands as the sole representative operation publicly linked to Wealth Squad Chris, offering a concrete example of the actor’s activity without further detail on additional campaigns or methodologies.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source