LIVE · cybersecurity feed
defacementmedium

US Army websites defaced with pro-Kurdish sentiments, insults to Trump

zeroday.news·2d ago
ShareXLinkedInWhatsAppFacebook

At least two U.S. Army websites were defaced with messages expressing pro-Kurdish sentiments and insults directed at President Donald Trump and White House advisor Tom Barrack. The defacements were discovered on error pages of the subdomains oil.army.mil and ai2c.army.mil.

The messages included calls to "FREE KURDISTAN" and attributed the defacement to "Kurdish sr." The affected websites are associated with Army initiatives focused on technological advancement. Oil.army.mil is part of the Army's Open Innovation Lab, established in 2020 for testing software and cyber capabilities. Ai2c.army.mil belongs to the Artificial Intelligence Integration Center, created in 2019 to integrate AI technologies and train personnel.

The defacements were identified by independent cybersecurity researcher Ronald Lovelace, who subsequently alerted Army officials and CyberScoop. Lovelace noted that the affected sites utilize WordPress and Microsoft cloud infrastructure.

The method used, known as 404 hijacking, exploits a website's error-handling system. This technique allows attackers to display unauthorized content, such as defacement messages or malicious redirects, on pages that are not found. This can make the compromise less obvious, as the rest of the website may appear unaffected.

It remains unclear how long the subdomains were compromised or if other Army websites were affected. Lovelace suggested that the compromise across multiple subdomains indicates a potentially deeper issue than a single corrupted path. However, many other Army websites continued to display normal error pages. The origin of the breach, whether internal, external, or through a third party, and the extent of the intrusion beyond website defacement are also unknown.

Army officials took the websites offline after being contacted by CyberScoop for comment. An Army spokesperson stated that the affected pages were hosted on a legacy third-party platform not connected to the Army's enterprise network. The spokesperson confirmed that technical teams took immediate action to secure the pages and that an incident response investigation is ongoing.

The spokesperson, Maj. Sean Minton, emphasized that the Army takes all cyber incidents seriously and is actively investigating to uphold its cyber defense and network security standards. The spokesperson also indicated it is too early to determine if the third-party platform will be patched or discontinued.

While the identity of the attackers is not definitively known, the messages reference Kurdistan, a region encompassing parts of Turkey, Iraq, Iran, and Syria, home to a significant Kurdish population. The Kurdish separatist movement has a history of activism, including hacktivism targeting government websites. The defacements may be linked to recent political events where Trump and Barrack were perceived by some Kurdish proponents as supporting a Syrian government military campaign in Kurdish-majority areas.

This incident is not the first time U.S. Army websites have been targeted. In 2015, several major Army websites, including the main homepage and the U.S. Strategic Command site, were temporarily shut down after being defaced by hackers associated with the Syrian Electronic Army.

defacement404 hijackingus armycyber attackwordpress
ShareXLinkedInWhatsAppFacebook
← Back to latest

More News

view all →
zeroday.news · 1h ago·high

Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has acknowledged a security incident after a threat actor advertised what they claim is stolen internal data. The attacker, using the alias "888", says they took more than 35GB of source code and cloud credentials from the consulting giant and are offering it for sale. Accenture says it has addressed the source of the issue and that its operations were not disrupted.

zeroday.news · 4h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 5h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 5h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 6h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 6h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.