The British Army’s official Twitter and YouTube accounts were breached on July 3rd for almost 4 hours. The hackers initially took over the social media accounts, with over half a million followers combined, at around 2 PM ET, and maintained control for over 3 and a half hours as the British Army attempted to regain access, as later reported by the United Kingdom Ministry of Defence (MOD) Press Office.
We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway.
The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
Phishing Scam Through a Fake NFT Collection
The hackers had their fun with the illegally acquired social media accounts, as they generated hype around two fraudulent NFT collections at the same time. One of the screenshots provided by the Twitter community reads “BAPESCLAN”, while another says “pssssd”.
However, it wasn’t all a barrel of laughs around the fake NFT collections, as both were accompanied with phishing links. Users who followed the malicious links and connected their crypto wallets lost all of the funds they had currently stored. As of this writing, British government officials have not disclosed any information about the victims, or the total sum of crypto defrauded.
QR-Code Scam on YouTube Impersonating Elon Musk
For the British Army’s YouTube account, the scammers used a different, more creative strategy, as the channel name was briefly changed to ‘Ark Invest’, impersonating the crypto hedge fund.
The videos uploaded by the hackers involved deep fakes of the world’s richest man, Elon Musk, talking to Jack Dorsey, the founder of Twitter. On top of that, the live videos encouraged viewers to use the QR codes presented on screen to send crypto funds. Viewers were promised to have their funds doubled, with the speakers saying they had a “secret investment technology” for extra quick turnaround of the “loans”.
The hackers seemingly went all out, simultaneously streaming four live streams of fake interviews, drawing in over 19,000 people. With the British government regaining control of the accounts, the false information was swiftly deleted, and the British Army promised to “learn from this incident”.
Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume.
— British Army (@BritishArmy) July 3, 2022