Cyber Incident Victim: United States Army

On June 8, 2015, the official US Army website (army.mil) experienced a defacement attack attributed to the Syrian Electronic Army (SEA). Attackers replaced the homepage content with a message claiming responsibility and displayed a pop-up notification stating, “Your commanders admit they are training the people they have sent you to die fighting.” Evidence from the SEA’s Twitter account included screenshots indicating unauthorized access to the Limelight Networks content delivery network (CDN), which hosted the Army’s site. One screenshot depicted the Limelight control panel for the US Army Office of Public Affairs account, suggesting compromise of CDN credentials or systems. Limelight Networks confirmed an investigation into the security incident but initially found no evidence of customer data compromise. The Army’s main homepage became inaccessible following the attack, though other Army-affiliated websites remained operational.

The incident also disrupted access to the websites of US Strategic Command and US Cyber Command, though the nature of their downtime was not explicitly detailed in available reports. The Army took immediate action to take the defaced homepage offline to contain the breach and initiate restoration efforts. Limelight Networks emphasized its commitment to security but did not disclose specific remediation steps taken during the investigation. No additional attacker actions—such as data theft, malware deployment, or persistent access—were confirmed in the available reporting. The defacement primarily impacted public access to informational content and temporarily disrupted the Army’s primary public communications platform. Service restoration timelines and technical details of the vulnerability exploited were not publicly disclosed in the immediate aftermath.