Recent reports form the BBC have detailed that social media accounts belonging the British Army were hijacked by threat operators and abused to promote cryptocurrency and non-fungible token (NFT) schemes to their followers on Twitter and YouTube. As part of the takeovers, videos were posted that featured the image of SpaceX founder, Elon Musk.

Accounts altered and abused

During the attack, the British Army’s dedicated YouTube account had its name changed while screenshots also appeared displaying the Army’s account on Twitter, with its profile name changed, and retweeting promotions for project concerning NFTs, accompanied by pictures of a cartoon monkey.

Classed as digital assets, NFTs are often image files that can represent items in the real world. A record is kept of transactions on the blockchain.

A statement from the British Army was made confirming that the security incident had occurred and included an apology for the temporary disruption to its feed. A spokesperson for the Ministry of Defence (MoD) commented:

“The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”

Reminiscent of 2020 attacks

The recent attack on the British Army is not the first time an important entity’s social media presence has been hijacked for the purpose of promoting cryptocurrency scams. Back in the summer of 2020 several high-profile companies and individuals had their verified accounts on Twitter taken over to advertise a malicious crypto scheme. Accounts belonging to major companies like Apple, politicians like Joe Biden, musician Kanye West, and business moguls Elon Musk and Bill Gates were among the victims of the campaign.

Fortunately, the security incident was quickly contained, however, it was not fast enough to stop what amounted to hundreds of thousands of dollars being fraudulently sent to the threat operator’s cryptocurrency wallet.

It remains unknown how the hack on the British Army’s social media accounts took place, but Jake Moore, ESET’s global cyber security advisor, has suggested some potential causes. The advisor commented that the practice of profile sharing across multiple administrators, risky outsourcing, and poor passwords polices could all be contributing factors.

Moore explained:

“It can be extremely damaging for organisations and brands when their social media accounts are hacked, so it is vital that all social media admins are using multi-factor authentication and they change the password when anyone who knows it leaves.”

Companies neglecting to update passwords on a regular basis can put accounts of all kinds at risk, from social media profiles to those used by employees for email and file sharing. While hacked social media accounts can allow companies to become unwitting parties in cybercriminal campaigns, a compromised email account can represent a significant data breach.

At present it is not yet known who was responsible for the intrusion into the Army’s accounts. However, its official Twitter and YouTube accounts have now both been restored.