Date: Sep 2016

Location: Afghanistan

Summary

Ghost Squad Hackers compromised multiple Afghan government websites, including the Ministry of Refugees and Repatriations, through a shared server vulnerability to display anti-government content. The group claimed the attack targeted the government's alleged drug ties with the United States and mistreatment of citizens, framing it as a response to internal grievances and aligning with hashtag campaigns like #Justice4Hazaras. The coordinated defacements affected entities across justice, defense, foreign affairs, and transportation sectors, mirroring prior disruptive actions against Israeli institutions.

Description

On September 1, 2016, the hacktivist group Ghost Squad Hackers (GSH) executed a coordinated defacement attack against 12 websites operated by the Afghan government. The group exploited a vulnerability common to all targeted servers to inject anti-government content across the digital properties. Affected entities included the Ministry of Justice, Ministry of Defense, Ministry of Foreign Affairs, Ministry of Refugees and Repatriations, and the Afghan Attorney General’s Office. Additional compromised sites belonged to the Civil Aviation Authority, Afghan Cart Company, Afghanistan Railway Authority, Afghan Geodesy and Cartography Head Office, Balkh Governor Office, and two domains (arg.gov.af and aais.gov.af) that could not be conclusively linked to specific agencies at the time of reporting. GSH characterized the attack as a response to the Afghan government’s alleged narcotics ties with the United States and mistreatment of citizens, stating the operation was both a personal initiative by one member and a response to appeals from Afghan civilians.

The defacements displayed protest messages accompanied by hashtags including #Justice4Hazaras, #Justice4Afghans, #FucktheGovernment, and #GhostSquadHackers. Zone-H archives hosted mirrors of all 12 defaced websites, documenting the scope of the intrusion. GSH publicly claimed responsibility via their Twitter account (@GhostSquadHack) on the same day, aligning the operation with their broader hacktivist campaigns. This incident followed GSH’s defacement of Israeli financial and government sites the preceding week, targeting the Bank of Israel and Prime Minister’s Office websites. No technical details regarding vulnerability remediation, incident response actions by Afghan authorities, or prolonged service disruptions were disclosed in available reporting. The attack exclusively involved website defacements, with no reported data exfiltration or secondary compromises.
