Government security

U.S. Army websites defaced in apparent 404 hijacking campaign

Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol. 3d rendering.

Multiple U.S. Army internet subdomains were defaced with messages denouncing President Donald Trump and promoting pro-Kurdish sentiments in an apparent 404 hijacking campaign, as reported by CyberScoop.

The defacement targeted error pages on U.S. Army websites, including oil.army.mil and ai2c.army.mil, which belong to the Army’s Open Innovation Lab and Artificial Intelligence Integration Center, respectively. The messages displayed on the error pages denounced Trump and U.S. Ambassador to Türkiye Tom Barrack, and called for the freedom of Kurdistan. This attack method, known as 404 hijacking, exploits a website's error-handling system, often through compromised plugins or server configurations, to display unauthorized content when a page is not found. Cybersecurity researcher Ronald Lovelace discovered the defacements, noting the affected sites ran on WordPress and Microsoft cloud infrastructure.

The Army took the affected pages offline after being contacted for comment, stating they were hosted on a legacy third-party platform. An Army spokesperson confirmed that incident response is ongoing. While the defacement across multiple subdomains suggests a potential for broad reach, it did not appear to affect all Army websites. The perpetrators are not definitively identified, but the pro-Kurdish messages align with tactics used by Kurdish hacktivists. This incident is reminiscent of a 2015 attack where hackers from the Syrian Electronic Army defaced Army websites.

Source: CyberScoop

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds