Hacktivists Deface U.S. Army Websites with Pro-Kurdish Messages

In a recent cyber incident, multiple U.S. Army subdomains were defaced to display pro-Kurdish messages and criticisms of President Donald Trump. The affected sites include oil.army.mil, associated with the Army’s Open Innovation Lab, and ai2c.army.mil, linked to the Artificial Intelligence Integration Center. These defacements were discovered on the error pages of the websites, a tactic known as 404 hijacking, where attackers exploit a site’s error-handling system to display unauthorized content. ([cyberscoop.com](https://cyberscoop.com/us-army-websites-defaced-404-hijacking-kurdistan/?utm_source=openai))

The altered error pages contained messages denouncing President Trump and U.S. Ambassador to Türkiye Tom Barrack, alongside calls for a free Kurdistan. The method of attack suggests vulnerabilities in the websites’ error-handling mechanisms, potentially through compromised plugins or server configurations. Cybersecurity researcher Ronald Lovelace identified the defacements, noting that the affected sites operated on WordPress and Microsoft cloud infrastructure. ([scworld.com](https://www.scworld.com/brief/u-s-army-websites-defaced-in-apparent-404-hijacking-campaign?utm_source=openai))

Upon being alerted to the defacements, the Army took the affected pages offline, stating that they were hosted on a legacy third-party platform not connected to the Army’s main network. An Army spokesperson confirmed that an incident response is ongoing to investigate the breach. While the defacements were limited to specific subdomains, the incident underscores the potential reach of such attacks. The perpetrators have not been definitively identified, but the pro-Kurdish messages align with tactics previously used by Kurdish hacktivists. ([mallory.ai](https://www.mallory.ai/stories/019f389e-f125-7afa-9bc7-bbe4fe93b694?utm_source=openai))

This event is reminiscent of past cyberattacks targeting U.S. military websites. In 2015, the Syrian Electronic Army defaced Army websites, highlighting the persistent threat of hacktivist groups exploiting vulnerabilities in government systems. ([scworld.com](https://www.scworld.com/brief/u-s-army-websites-defaced-in-apparent-404-hijacking-campaign?utm_source=openai))

The incident also raises concerns about the security of government websites running on widely used platforms like WordPress. While these platforms offer flexibility and ease of use, they can introduce vulnerabilities if not properly maintained and secured. Regular updates, robust error-handling configurations, and vigilant monitoring are essential to prevent such defacements. Additionally, the use of legacy third-party platforms for hosting critical subdomains highlights the need for comprehensive security assessments and modernization efforts within government IT infrastructure.

As the Army continues its investigation, this incident serves as a stark reminder of the evolving landscape of cyber threats and the importance of proactive measures to safeguard sensitive information and maintain public trust in government institutions.