The British Army’s Twitter and YouTube accounts were hacked to promote online crypto scams, displaying fake NFTs and crypto giveaway schemes. UK’s Ministry of Defence has since regained control of the hacked accounts and an investigation to find out the attackers is underway.
Not much is known about the attacks at the moment, including how attackers got access to said accounts or if anyone was affected by any of the fake schemes promoted.
The two accounts were targeted slightly differently. The Twitter account was renamed to ‘pssssd’ with the header and profile pictures change in order to resemble an NFT collection created by one @tmw_buidls. That account has since been deleted as well. Soon after this, the account started posting links to scam crypto sites claiming free giveaways and NFT drops.
As for the Army’s YouTube channel, attackers hijacked it to live stream old videos of Elon Musk talking about crypto in an attempt to get users to visit “Ark Invest”, another crypto scam website.
These types of attacks are now happening more and more frequently with notable accounts being targeted, especially accounts with large followings or special verification status’ like Twitter’s famous blue badge.
The blue badge on Twitter is given to verified accounts should they represent celebrities, politicians, journalists, activists, influencers and government or private organisations. This makes these accounts a prime target for attackers as their followers will more often than not believe most things being tweeted from these accounts.
YouTube shares a similar story. The “Ark Invest” type attacks and the use of Elon’s old videos talking about cryptocurrency aren’t new either. In the past, attackers have gone as far as creating deepfakes of Musk and other imminent names in crypto to drive such scams and con users of millions of dollars.