Cyber Incident Victim: British Army
Date: Jul 2022
Location: United Kingdom
Summary
The British Army's verified Twitter and YouTube accounts were compromised by threat actors who promoted cryptocurrency scams, altering the Twitter profile name and imagery while posting links to fraudulent NFT and crypto giveaway schemes. Simultaneously, the YouTube channel livestreamed repurposed content featuring Elon Musk to redirect users to fake investment platforms impersonating "Ark Invest." The UK Ministry of Defence confirmed that it had restored control after the breach, which exploited the perceived authenticity of verified accounts to amplify deceptive financial schemes.
Description
On July 3, 2022, threat actors compromised the British Army’s verified Twitter and YouTube accounts to promote cryptocurrency scams. The attackers renamed the Twitter account to "pssssd" and altered its profile and header images before posting links to fraudulent NFT projects and crypto giveaway schemes. Simultaneously, the Army’s YouTube channel broadcast live streams repurposing older footage of Elon Musk, falsely presenting them as "Ark Invest" content to redirect viewers to cryptocurrency scam websites. These streams reused edited clips from Ark Invest’s "The ₿ Word" conference, which had previously featured Musk, Jack Dorsey, and Cathie Wood. The UK Ministry of Defence confirmed it regained control of both accounts the same day, though the exact intrusion method remained unidentified.

The incident mirrored prior crypto scam campaigns exploiting verified social media accounts for perceived legitimacy. Researchers had documented identical "Ark Invest" livestream scams in May 2022, which defrauded victims of over $1.3 million by impersonating legitimate crypto discussions. Verified accounts like the British Army’s are targeted due to Twitter’s stringent verification requirements, which grant a "blue badge" only to notable entities after documentation reviews, making compromised accounts appear trustworthy. No confirmed victim counts or financial losses were disclosed for this specific breach. The coordinated hijacking of both platforms suggested deliberate timing, but investigators did not publicly attribute the attack or determine whether user interactions with the fraudulent content led to further compromises.
