Cyber Incident Victim: Afghan Attorney General's Office

Date: Sep 2016

Location: Afghanistan

Summary

Ghost Squad Hackers defaced multiple Afghan government websites, including the Attorney General's Office, exploiting a common server vulnerability to display anti-government messages criticizing alleged drug ties with the United States and mistreatment of citizens. The hacktivist group claimed the attack was motivated by grievances from Afghan citizens and targeted additional ministries and agencies such as Defense, Foreign Affairs, and Civil Aviation, while promoting hashtags like #Justice4Hazaras. This incident followed similar defacements against Israeli government sites the prior week.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On September 1, 2016, hacktivist group Ghost Squad Hackers (GSH) executed a coordinated defacement of 12 Afghan government websites. The attackers exploited a vulnerability common to all affected servers to inject anti-government content across multiple domains. Primary targets included high-profile agencies such as Afghanistan's Ministry of Justice, Ministry of Defense, Ministry of Foreign Affairs, Ministry of Refugees and Repatriations, and the Afghan Attorney General's Office. Additional impacted entities spanned critical infrastructure and administrative bodies: the Civil Aviation Authority, Afghan Cart Company, Afghanistan Railway Authority, Afghan Geodesy and Cartography Head Office, Balkh Governor Office, and two unidentified domains (arg.gov.af and aais.gov.af). The defacements displayed messages condemning the Afghan government's alleged drug ties with the United States and mistreatment of citizens, accompanied by hashtags including #Justice4Hazaras and #Justice4Afghans. GSH characterized the operation as a "personal attack" initiated by one member, claiming they were "sought out by their own people" to conduct the breach.

The incident represented an escalation of GSH's activities following their takedown of Israeli government websites the preceding week, including the Bank of Israel and Prime Minister's Office portals. All defacements were publicly documented through Zone-H mirror links, with GSH promoting the operation via their Twitter account (@GhostSquadHack) on the same day. No technical remediation details or official responses from Afghan authorities were disclosed in available records. The attack temporarily disrupted public access to critical government services and exposed systemic vulnerabilities across multiple agencies' web infrastructure. GSH's message framing emphasized sociopolitical grievances rather than financial motives, aligning with their hacktivist profile of targeting governments perceived as oppressive or corrupt.
