U.S. Army Websites Defaced in Apparent 404 Hijacking Campaign
U.S. Army Websites Defaced in Apparent 404 Hijacking Campaign
Multiple U.S. Army internet subdomains were defaced with messages denouncing President Donald Trump and promoting pro-Kurdish sentiments. This defacement occurred in an apparent 404 hijacking campaign, as reported by CyberScoop. The defacement notably targeted error pages on U.S. Army websites, including oil.army.mil and ai2c.army.mil, which belong to the Army’s Open Innovation Lab and Artificial Intelligence Integration Center, respectively. The messages displayed on these error pages denounced Trump and U.S. Ambassador to Türkiye Tom Barrack, and called for the freedom of Kurdistan. 🚀
This attack method, known as 404 hijacking, exploits a website’s error-handling system. This often happens through compromised plugins or server configurations, to display unauthorized content when a page is not found. Cybersecurity researcher Ronald Lovelace discovered these defacements, further noting that the affected sites ran on WordPress and Microsoft cloud infrastructure.
Following the discovery, the Army took the affected pages offline after being contacted for comment, stating they were hosted on a legacy third-party platform. An Army spokesperson confirmed that incident response is ongoing. While the defacement across multiple subdomains suggests a potential for broad reach, it did not appear to affect all Army websites. The perpetrators behind this campaign are not definitively identified, but the pro-Kurdish messages align with tactics used by Kurdish hacktivists. This incident is reminiscent of a 2015 attack where hackers from the Syrian Electronic Army defaced Army websites.