All posts

Hacktivists deface two US Army AI websites with anti-Trump messages

Huma ShaziaJuly 8, 2026 at 7:16 AM4 min read
Hacktivists deface two US Army AI websites with anti-Trump messages

Key Takeaways

Hacktivists deface two US Army AI websites with anti-Trump messages
Source: TechCrunch
  • Two US Army websites focused on AI integration were defaced with pro-Kurdish and anti-Trump messages
  • The hackers modified error pages rather than main content, suggesting limited access to Army servers
  • This incident follows a pattern of increased hacktivist attacks on federal government infrastructure in 2024-2025

Hacktivists defaced two US Army websites with pro-Kurdish messages and accusations against President Donald Trump. Security researcher Ronald Lovelace discovered the modified error pages on the Army's Open Innovation Lab and AI Integration Center, both of which test emerging technologies including AI. The Army took the pages down after Cyberscoop reported the defacements on Monday.

The attackers altered the 404 error pages, not the main sites. Visitors who navigated to non-existent URLs would see messages calling Trump a "pedophile" and "thief," a reference to his appearance in Justice Department files related to Jeffrey Epstein. The messages also mentioned Tom Barrack, the US ambassador to Turkey, and called for a "free Kurdistan."

Advertisement

How did the hackers get in?

The Army has not disclosed the attack vector. Both affected sites run on WordPress and use several plugins, a common target for hackers looking to exploit outdated or vulnerable components. The fact that only error pages were modified suggests the attackers had limited access. They changed what they could reach rather than penetrating deeper systems.

Error page defacements are a known technique in hacktivism. They require less access than modifying primary content and can persist unnoticed for longer since administrators rarely monitor 404 pages. The pro-Kurdish messaging points to groups like KurdishCyberTeam, which has historically targeted government sites to draw attention to US policy in Syria and Turkey.

Whether any data was stolen remains unclear. The Army is investigating. A Department of Defense spokesperson did not respond to requests for comment.

Federal systems under pressure

This is not an isolated incident. Earlier this year, hacktivists breached the Department of Homeland Security and published records on contracts used by ICE for deportation operations. This week, DHS confirmed another breach of an intelligence-sharing platform used by state, local, and federal authorities.

Government websites saw roughly 2,365 defacements globally in 2024, according to Zone-H archives. Mandiant's 2024 threat report noted a 45% increase in hacktivist activity targeting government sites since 2022, driven largely by geopolitical conflicts in Ukraine, the Middle East, and disputes over US foreign policy.

The federal cybersecurity budget hit $10.5 billion for FY2024. Yet the persistence of low-sophistication attacks, like modifying WordPress error pages, shows gaps between spending and basic hygiene. Plugin vulnerabilities, unpatched CMS installations, and misconfigured servers remain entry points.

Advertisement

What does this mean for enterprise security teams?

If the US Army can't secure its WordPress sites, the lesson for enterprise teams is uncomfortable: CMS security is nobody's priority until it becomes a PR problem. Error pages, staging environments, and forgotten subdomains are low-hanging fruit. Attackers know this.

The fix is boring but effective. Audit all public-facing properties, including test environments. Inventory every plugin and enforce automatic updates. Monitor for unauthorized file changes, including in template directories. The Army's Open Innovation Lab was built to explore emerging tech. Its compromise came through years-old attack patterns.

ℹ️

Logicity's Take

The technical sophistication here is low. Defacing error pages on WordPress sites is not advanced tradecraft. But the visibility is high, and that's the point. Hacktivists aren't trying to steal data or deploy ransomware. They want attention, and they got it. For CTOs running any public-facing CMS, the takeaway is to treat staging, test, and error templates as production assets. Tools like Cloudflare or Sucuri can detect file changes in real time. If you're still running manual plugin updates on a quarterly cycle, you're the target.

Also Read
78% of enterprises hit by AI security incidents, DigiCert finds

Explores how AI-focused infrastructure creates new attack surfaces

Frequently Asked Questions

Which US Army websites were hacked?

The Open Innovation Lab and AI Integration Center, both used for testing and integrating AI and emerging technologies into Army systems.

What messages did the hacktivists post?

The defaced error pages contained accusations against President Trump, references to Jeffrey Epstein files, criticism of US Ambassador Tom Barrack, and calls for a free Kurdistan.

Was any data stolen in the Army website breach?

The Army has not confirmed whether data was exfiltrated. The investigation is ongoing.

How did hackers access the Army websites?

The attack vector has not been disclosed. Both sites run WordPress with multiple plugins, a common target for exploitation.

Who is behind the US Army website defacement?

The attackers have not been identified. The pro-Kurdish messaging suggests possible ties to hacktivist groups that have previously targeted government sites over US foreign policy.

ℹ️

Need Help Implementing This?

If your organization needs to audit its public-facing CMS properties or strengthen website security posture, contact the Logicity team for recommendations on managed security tools and monitoring services.

Source: TechCrunch / Zack Whittaker

Advertisement
H

Huma Shazia

Senior AI & Tech Writer

Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.

Related Articles