Hi-jacking social media accounts for all sorts of malicious goals have become a common practice among cybercriminals. Recently, both Twitter and Youtube fell victims to attack as threat actors targeted high-profile accounts. Now, these two platforms are in the spotlight again, but the target is singular – The British Army.
Having a verified account to commit malicious activities is dangerous. These particular threat actors know what they’re doing and they’re using the British Army’s accounts to promote NFT giveaway schemes.
From profile pictures resembling a nonfungible token collection called “The Possessed” to a cartoon ape with clown makeup on, the situation can’t be more serious. What are the threat actors after? Has the army resolved the breach? Find out below.
The British Army Breach – A Huge March for Crypto Scam Websites
As mentioned, this is not the first time these two social media giants have been targeted by threat actors. Not only that, but it’s also not the first time a high-profile account has been targeted on Twitter.
In fact, back in 2020, threat actors hi-jacked major the US accounts for an apparent Bitcoin scam. These accounts include the likes of Musk, Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, and Kanye West.
Now, another crypto scam is taking place, but this time around, it’s in the form of the British Army. The attackers took over the army’s Twitter account and changed its name to “pssssd.”
Moreover, they switched its profile picture and uploaded a nonfungible token collection called “The Possessed.”
On the other hand, the Twitter account name changed to Bapesclan with an ape-like cartoon figure with make-up mimicking a clown as a profile pic.
Both attempts are different, but they also have a common goal, promoting fake crypto promotions (As reported by the BBC). The account’s feed kept retweeting several posts related to NFTs – a type of electronic artwork for investment.
The Possessed tweeted about the incident and urged users to stay vigilant as this is a scam.
That’s it for Twitter. Now, let’s head over to what occurred on the army’s Youtube account. The attackers changed the page’s profile picture to “Ark Invest,” the investment firm of Tesla and bitcoin bull Cathie Wood.
Furthermore, whoever hacked the account deleted all the existing videos and replaced them with live streams of old clips taken from a conversation with Elon Musk and Twitter co-founder Jack Dorsey on bitcoin.
In the text section of the live streams, the attacker added links that redirect users to crypto scam websites where all the malicious practices happen.
According to the Ministry of Defense Press Office, the army retrieved the accounts. However, they’re not stopping until they catch the culprit and further investigations are in place:
“The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”
The British army apologized for the temporary interruption to their feed. They are conducting all sorts of investigations to catch whoever is behind this. Speaking of, the threat actor is still unknown. We’ll be waiting for further information.
British Army Breach – A Well Executed Scam
Using Twitter and Youtube has become very effective, especially if the accounts are verified. With high-profile accounts at their disposal, cybercriminals can trick anyone, anytime.
The British army was the latest victim of such attacks, but they’re definitely not the last. Always stay vigilant when submitting your sensitive information – don’t ever do that on unknown websites.
Also, if it’s starting with a phishing email, make sure to avoid clicking on any included link. This will save you a lot of trouble.