Cyber Threat Actor: boredbloke
| Actor Type | Location | Known Incidents |
Sensationalist
|
United Kingdom
|
1 incident |
|---|
Profile
boredbloke isthe online alias used by an individual who gained public attention in February 2019 after compromising the Twitter account of the British Army’s 77 Brigade, a unit responsible for social media influence operations. The actor is known to be based in the United Kingdom, although no further personal details such as real name or age have been disclosed in open sources. The alias reflects a self‑described motivation rooted in boredom and a desire to highlight perceived security shortcomings rather than to pursue financial profit or espionage. No affiliation with any state, criminal group, or hacker collective has been established in the reporting surrounding the incident.
In the February 2019 operation the actor focused on a United Kingdom military organization, specifically the 77 Brigade’s official Twitter presence, which the unit uses to conduct information and outreach activities aimed at shaping perceptions and supporting recruitment. The actor stated that the goal was to expose a gaping hole in the account’s security that could be abused by a malicious adversary, thereby causing embarrassment and disruption to the unit rather than seeking monetary gain or intelligence collection. The method employed relied on exploiting an unidentified vulnerability in the Twitter account’s access controls, allowing the actor to log in, rename the handle from @77th_Brigade to @79th_Brigade, and post taunting messages directed at the Army’s other official social media channels. After gaining control the actor communicated directly with the unit via private messages, explaining the weakness and offering to return the account, a step that demonstrated a preference for responsible disclosure despite the lack of an established bug‑bounty or whistle‑blowing channel for the organization.
The only publicly reported operation linked to boredbloke remains the takeover of the 77 Brigade Twitter account, which was subsequently recovered by the British Army after the actor posted a series of mocking tweets and later relinquished control following direct communication with the unit’s personnel. The Ministry of Defence initially denied the existence of an official 77 Brigade Twitter presence, labeling the compromised account as a parody, before later acknowledging the incident and locking the account to prevent further public access. No additional campaigns, malware families, or toolsets have been attributed to boredbloke in open‑source reporting, and no state sponsorship or criminal consortium ties have been demonstrated. Consequently, the actor’s profile is limited to this single incident, which illustrates how an individual with modest technical means can exploit procedural gaps in military social‑media management to produce noticeable disruption and public embarrassment.
