According to Kurdpress, *CyberScoop* reported that at least two US Army web subsystems were hit by an attack known as "404 Hijacking," wherein their error pages were replaced with messages supporting "Kurdistan" and offensive content targeting Donald Trump and Tom Barrack, the US Ambassador to Turkey.
The specialized publication CyberScoop reported that two U.S. Army web subsystems—oil.army.mil and ai2c.army.mil—were targeted by a "404 page hijacking" cyberattack.
According to the report, users visiting the error pages of these websites encountered messages featuring the slogan "FREE KURDISTAN," offensive content directed at Donald Trump and Tom Barrack (the U.S. Ambassador to Turkey), and the phrase "Kurdish sr was here."
One of the websites belongs to the U.S. Army's Open Innovation Lab, while the other is associated with the Army's Artificial Intelligence Integration Center.
The attack was first identified by independent cybersecurity researcher Ronald Loveless, who notified U.S. Army officials and CyberScoop.
According to experts, in attacks known as "404 Hijacking," hackers manipulate the error page management system—without directly compromising the website's main pages—to display their own content to users when a 404 error occurs. This method typically exploits vulnerabilities in plugins, the content management system, or server configurations; it is harder to detect because the rest of the website remains unchanged.
Lovelace stated that both websites utilize WordPress and Microsoft’s cloud infrastructure, but it remains unclear how long the breach lasted, how many other subsystems were affected, or how the attackers managed to alter the error pages.
The two websites were taken offline after CyberScoop contacted the U.S. military.
U.S. Army spokesperson Major Sean Minton stated that the compromised pages were hosted on an old platform belonging to a third party and were not connected to the Army's main network. He noted that technical teams immediately took action to contain the incident, and an investigation into the matter is ongoing.
The U.S. Army emphasized that it is too early to comment on the origin of the attack or the true extent of the breach, and it remains unclear whether the incident was limited to the alteration of error pages or involved a wider scope.
CyberScoop reports that while the identities of the perpetrators remain unknown, repeated references to Kurdistan have fueled speculation regarding the involvement of pro-Kurdish hacktivists. The publication notes that defacing government websites has previously been a common tactic employed by certain Kurdish hacktivist groups.
The report also highlights the dissatisfaction among some pro-Kurdish factions regarding the recent stances taken by Donald Trump and Tom Barrack on developments in Syria, noting that they had faced criticism from Kurdish activists for supporting the Syrian government's efforts to retake Kurdish-populated areas.
Finally, the publication points out that this is not the first time U.S. military websites have been targeted; in 2015, the group known as the Syrian Electronic Army attacked several U.S. military and Strategic Command websites, knocking them offline for a period of time.
Your Comment