US Army websites defaced with pro-Kurdish sentiments, insults to Trump
US Army websites defaced with pro-Kurdish sentiments, insults to Trump
https://cyberscoop.com/us-army-websites-defaced-404-hijacking-kurdistan/
Publish Date: 2026-07-06 13:54:00
Source Domain: cyberscoop.com
By Derek B. Johnson
Multiple U.S. Army internet subdomains were defaced in a 404 hijacking campaign, CyberScoop has confirmed.
As of Monday morning, error pages on two U.S. Army websites – oil.army.mil and ai2c.army.mil – displayed defacement messages visible to users. The messages denigrated President Donald Trump and United States Ambassador to Türkiye Tom Barrack, called to “FREE KURDISTAN,” And included another line reading “Kurdish sr was here.”
One of the websites, oil.army.mil, belongs to the Army’s Open Innovation Lab, a test bed for software and cyber capabilities established in 2020. The other belongs to the Artificial Intelligence Integration Center, established in 2019 to integrate AI technologies into the Army and train personnel on emerging technologies.
Screenshot of 404 error pages for oil.army.mil, defaced with pro-Kurdistan comments and insults to President Donald Trump and White House advisor Tom Barrack. (Source: U.S. Army website)
Screenshot of 404 error pages for ai2c.army.mil, defaced with insults to President Donald Trump and White House advisor Tom Barrack and a sign off from “Kurdish sr.” (Source: U.S. Army website)
The defacements were initially discovered by independent cybersecurity researcher Ronald Lovelace, who notified U.S. Army officials and CyberScoop.
404 hijacking exploits a website’s error-handling system — often by compromising a plugin, content management system, or server configuration — to control what content gets displayed when a page isn’t found, rather than breaching the site’s core pages directly. This lets malicious users insert defacement messages, malicious redirects, or other unauthorized content that visitors see specifically on error pages, sometimes making the compromise harder to detect since the rest of the site appears untouched.
Lovelace said the affected sites run on WordPress and Microsoft cloud infrastructure. It’s not clear how long the…