The British Army’s Twitter and YouTube accounts were hacked and used for some time to promote a cryptocurrency scam.
The verified Twitter account advertised fake NFTs and cryptocurrency giveaways. On YouTube, the channel was renamed “Ark Invest” and aired old clips featuring Elon Musk and Twitter founder Jack Dorsey to mislead users.
Let me remind you that we wrote that Researcher finds that Twitter images can hide up to 3MB of data, and also that Attackers used Twitter API to match phones to usernames.
In an official statement released recently, the UK Department of Defence confirmed that the hack took place, but now control over the Twitter and YouTube accounts has already been restored, and the incident is under investigation. Unfortunately, the details of the attacks are not yet known, as the Ministry of Defense stated that “until the investigation is completed, further comments are inappropriate.”
According to The Wayback Machine, the British Army’s Twitter account has been renamed “pssssd” along with a change in the title image and profile avatar. The attackers who controlled the account were actively posting and retweeting links to fraudulent sites related to cryptocurrencies.
Bleeping Computer notes that the capture of verified accounts on Twitter has become a real trend of recent times. Fraudsters use such accounts for a variety of schemes, for example, sending fake notifications about account blocking.
As we wrote, on July 1, BleepingComputer reporter Sergiu Gatlan received a phishing message on Twitter saying that his account had been suspended for spreading hate.
At Twitter, we take the security of our platform very seriously. Therefore, we will suspend your account after 48 hours if you do not complete the authentication process.the message says.
Researchers recommend that when receiving a message with a link to a site, check the domain name and grammatical errors that can reveal a phishing campaign. Also, you cannot enter your credentials on a third-party site.
