At least two US Army websites fell victim to defacement attacks over the past day, displaying pro-Kurdish propaganda and personal insults directed at President Donald Trump. Officials took the compromised sites offline after being alerted by CyberScoop, which first reported the incident.

The attack method, known as 404 hijacking, involves exploiting misconfigured or abandoned subdomains to serve attacker-controlled content instead of legitimate pages. While the full scope of affected systems remains unclear, the tactic suggests the operators targeted poorly maintained web infrastructure rather than breaching core Army networks.

Technical details on the exploit mechanism were not disclosed by military officials, and no indicators of compromise have been publicly released. The defacement pages reportedly included political slogans supporting Kurdish groups and messages critical of the president, indicating the attackers' motivation was likely ideological rather than financial.

The Army has not confirmed whether any sensitive data was accessed or what specific vulnerabilities were used. A spokesperson stated the service is now reviewing web asset security to prevent similar incidents.

This incident underscores persistent risks from supply chain weaknesses and forgotten subdomains — a vector that has been used in recent years by hacktivists and state-aligned groups alike to hijack public-facing pages without penetrating core systems.