Cyber Incident Victim: Afghan Ministry of Foreign Affairs
Date: Sep 2016
Location: Afghanistan
Summary
Ghost Squad Hackers defaced multiple Afghan government agencies' websites, including the Ministry of Foreign Affairs, by exploiting a common server vulnerability to display anti-government messages. The hacktivist group cited the government's alleged drug ties with the United States and mistreatment of citizens as motivation, aligning the attack with hashtags advocating justice for Afghan minority groups. The coordinated defacement impacted twelve domains across justice, defense, aviation, and infrastructure entities, mirroring recent disruptions against Israeli government sites by the same group.
Description
On September 1, 2016, the hacktivist group Ghost Squad Hackers (GSH) executed a coordinated defacement of 12 Afghan government websites. The attackers exploited a common server vulnerability affecting multiple agencies, enabling them to replace or alter website content with anti-government messages. Affected entities included Afghanistan's Ministry of Foreign Affairs, Ministry of Justice, Ministry of Defense, Ministry of Refugees and Repatriations, and the Attorney General's Office. Additional targets encompassed the Civil Aviation Authority, Afghan Cart Company, Railway Authority, Geodesy and Cartography Head Office, Balkh Governor Office, and two domains whose owning entities were not identified (arg.gov.af and aais.gov.af). The defacements displayed political statements condemning the Afghan government's alleged drug ties with the United States and mistreatment of citizens. GSH characterized the operation as a "personal attack" initiated by one member, claiming inspiration from Afghan citizens' grievances.

The defacements disrupted public access to critical government portals, with mirrors preserved on the Zone-H cyberattack tracking platform. GSH promoted the campaign on Twitter using hashtags including #Justice4Hazaras and #GhostSquadHackers, aligning it with broader social justice themes. No technical remediation details or official government responses were disclosed in available sources. The incident followed GSH's prior attacks against Israeli institutions the previous week, including the Bank of Israel and Prime Minister's Office websites, indicating a pattern of politically motivated disruptions. Forensic evidence of the Afghan breach was limited to the defacement mirrors and GSH's public statements, with no corroborated data on intrusion duration or collateral damage beyond the website alterations.
