U.S. Army Restores two Websites After Politically Motivated Defacement

U.S. Army website defacement under investigation after attack

U.S. Army website defacement: The U.S. Army has restored two of its technology-focused websites after they were defaced with political and pro-Kurdish messages, prompting an ongoing cybersecurity investigation. According to media reports, the incident affected the error pages of the Army’s Open Innovation Lab and AI Integration Center websites rather than their primary web pages. The altered messages were visible when users attempted to access unavailable URLs on the sites. Officials have not yet disclosed how the compromise occurred or whether any sensitive information was exposed. The affected pages have since been removed, while investigators continue examining the cause and overall impact of the cyber incident.

Error pages were altered with political messages

According to media reports, the hackers modified the websites’ error pages rather than their main content. The altered messages appeared only when visitors attempted to access web addresses that did not exist on the affected sites.

The defaced pages displayed political statements directed at U.S. President Donald Trump and also included references to Tom Barrack, the current U.S. ambassador to Turkey. In addition, the messages contained calls supporting a “free Kurdistan.”

The Army removed the altered pages shortly after being notified of the issue.

Researcher identified the website changes

The website modifications were first identified by security researcher Ronald Lovelace, who informed media about the incident.

The affected websites were:

  • Open Innovation Lab
  • AI Integration Center

Both organizations are involved in evaluating and integrating artificial intelligence and other advanced technologies for military applications.

The discovery highlighted that the changes were limited to the websites’ error pages rather than their primary web content.

Investigation into the incident continues

The U.S. Army has not explained how the attackers managed to alter the websites. Officials also have not confirmed whether the compromise resulted from a software vulnerability, misconfiguration, or another method of unauthorized access.

Media reported that the Army is actively investigating the incident to determine its cause and scope.

At this stage, there has been no confirmation that any government data or user information was accessed or stolen during the breach.

WordPress and plug-ins may have been involved

According to the available information, the affected Army websites appear to operate on WordPress and make use of multiple plug-ins.

Although no official explanation has been provided, WordPress plug-ins can become targets for attackers if vulnerabilities exist or security updates have not been applied. However, there is currently no official confirmation that a WordPress-related issue caused this incident.

Investigators are expected to examine all possible entry points before determining how the websites were compromised.

No official confirmation of data theft

One of the key questions following the incident is whether attackers accessed any sensitive information.

So far, the Army has not reported any evidence that data was stolen. The investigation remains ongoing, and officials have not released additional technical details about the compromise.

A spokesperson for the U.S. Department of Defense did not provide a public response regarding the incident at the time of reporting.

Part of a wider trend targeting government systems

Website defacement is a common tactic used by hacktivist groups seeking to draw attention to political or ideological causes. Rather than stealing information, these attacks typically replace or modify website content with public messages.

However, some hacktivist campaigns have extended beyond simple website alterations.

Earlier this year, hackers targeted the U.S. Department of Homeland Security and published records related to contracts supporting immigration enforcement operations.

Separately, the Department of Homeland Security also confirmed another cybersecurity incident this week after hackers gained access to one of its intelligence-sharing platforms used for exchanging information among state, local, and federal authorities.

These incidents highlight the continued cybersecurity challenges facing government agencies as attackers target publicly accessible systems and online services.

What is known so far

Based on the information currently available:

  • Two U.S. Army websites were affected.
  • The attackers modified website error pages rather than the main pages.
  • The messages included political statements and pro-Kurdish content.
  • The altered pages have been removed.
  • The Army is investigating how the compromise occurred.
  • There is no confirmed evidence that data was stolen.

Officials are expected to release additional details once the investigation progresses.

Read More: Hacktivists call out Trump by hacking and defacing US Army websites

FAQs:

Which U.S. Army websites were affected?

The Open Innovation Lab and AI Integration Center websites were impacted.

What was changed during the attack?

Hackers modified the websites’ error pages that appear when users visit non-existent URLs.

Was any data stolen?

There is currently no official confirmation that data was compromised or stolen.

Is the U.S. Army investigating the incident?

Yes. The Army is investigating how the websites were defaced and the overall impact of the incident.

Were the websites restored?

Yes. The altered pages were taken down after the Army was informed of the issue.