Cyber Threat Actor: Chuckling Squad
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
2 incidents |
|---|
Profile
The threat actor known asChuckling Squad operates under that alias and has been linked to activity originating from the United States of America. Public reporting identifies the group by this moniker in connection with a series of social media compromises. No alternative names have been disclosed in the available sources. The actor’s geographic base is noted as the United States.
Observed targeting focuses on Twitter accounts, including those of corporate entities, high‑profile individuals, and international financial institutions. In one incident the actor compromised the primary and secondary Twitter feeds of the European Bank for Reconstruction and Development, posting atypical messages and engaging in a public struggle for control. In another incident the actor took over numerous verified accounts belonging to business leaders, politicians and celebrities to promote a cryptocurrency scam. These actions indicate a pattern of seeking both disruption and financial gain through the abuse of trusted social media channels.
The actor’s tactics rely heavily on social engineering to obtain privileged access to Twitter’s internal administrative tools, which then enables unauthorized account takeover. No specific malware families or custom exploit code have been reported in connection with these operations. Instead, the actor uses the compromised administrative interface to post misleading content, tag media personnel, and issue conflicting statements that create confusion among followers. Poor grammar and inconsistent language in the unauthorized posts have been noted as observable characteristics that assisted defenders in identifying the malicious activity. Public attribution does not tie Chuckling Squad to any state sponsor or known criminal consortium; the group remains unattributed beyond its alias and observed activity. The two campaigns described—the July 2020 EBRD Twitter compromise and the July 2020 high‑profile Twitter crypto‑scam—are representative of the actor’s publicly reported operations. Both incidents involved the takeover of verified accounts and the dissemination of deceptive messages, highlighting a recurring focus on exploiting social media trust. No further large‑scale campaigns have been documented in the sources at this time.
