Twitter and YouTube accounts belonging to the British Army were hacked and found promoting online crypto scams.
Attackers hijacked social media accounts to spread fake NFTs and bogus crypto giveaway schemes.
Verified Twitter hijacked
- The Twitter account was renamed to 'pssssd' with the header and profile images altered.
- Subsequently, they started tweeting and retweeting links to crypto scam sites.
YouTube account hack
The hacked YouTube channel started live-streaming older videos of Elon Musk to fool users into visiting crypto scams on Ark Invest websites.
The U.K Ministry of Defence released a statement confirming retaking control of its Twitter and YouTube accounts.
Why the hijacking of accounts?
- Verified social media accounts of high-profile organizations such as the British Army becomes more lucrative for cybercriminals to compromise and misuse them according to their own monetary benefits.
- Hackers may abuse it for different malicious activities such as scamming victims for money or sending fake account suspension notices as bait.
Recently, verified Twitter accounts were hacked by threat actors to send fake suspension messages, attempting to steal the credentials of other verified users. Such credentials are sold in the underground marketplaces at decent rates.
Monetary Losses Reported In The Past
- Both McAfee security analysts and BleepingComputer reported seeing a lot of these Elon Musk Ark Invest YouTube livestreams in May of this year.
- After re-streaming an altered video of an old live panel discussion on cryptocurrencies that featured Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest's "The Word" conference, the fraudsters behind similar hacks had stolen more than $1.3 million by the end of May.
Conclusion
High-profile accounts, such as British Army’s, are usually lucrative targets for attackers to promote their fake crypto propaganda. Enabling two-factor authentication is surely a way but now hackers have a way to crack that as well. To overcome that, one should keep logging out of their accounts on a regular basis. If nothing, sessionIDs would get clear and stop the attack.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/b7cc_shutterstock_1534535621.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/ab76_shutterstock_687281011.jpg)
