Investigation of Instagram Account Hack and Malvertisement

This report details a cyber incident involving a bank in the Gulf region that experienced a significant security breach due to an Instagram hack. An influential Instagram account, which shared financial news and investment insights, was compromised by malicious actors who used it to spread fraudulent advertisements. These ads impersonated the bank's website, directing users to a fake domain designed to harvest credentials. Following the discovery of these ads, the bank requested their removal. SOCRadar conducted a thorough investigation, revealing that the social media account had not only been hijacked but stolen and renamed. Although no malicious downloads were detected, the website was clearly intended for credential theft. The investigation findings were presented to the bank, which used them as evidence in a legal case. The report also discusses the broader implications of malvertising, highlighting how compromised accounts can pose significant risks to organizations, potentially leading to data breaches and operational disruptions.