Cyber Incident Victim: Dell Inc.
Date: May 2016
Location: United States of America
Summary
A Kurdish hacker using the alias MuhmadEmad defaced multiple international subdomains of a technology company's Entrepreneur-in-Residence program, replacing content with anti-Turkey and anti-ISIS messages advocating Kurdish independence. The attacker, claiming affiliation with KurdLinux_Team, compromised websites across several country-specific domains and later documented the breaches in a YouTube video. The defacements rendered the affected sites inaccessible, with the hacker citing oppression of Kurdish populations by Turkish authorities and ISIS forces as motivation. The compromised systems utilized the Drupal content management platform.
Description
On May 26, 2016, a hacker identifying as MuhmadEmad defaced five Dell subdomains associated with the company’s Entrepreneur-in-Residence program. The affected domains included eir.dell.com, eir.dell.fr, eir.dell.ie, eir.dell.co.uk, and eir.dell.nl, targeting regional versions of the program across multiple countries. The attacker replaced website content with a political message stating "HaCkeD By MuhmadEmad // Long Live to // {Peshmerga && kurd && Kurdistan} // KurdLinux_Team" while expressing opposition to ISIS and Turkey with the phrase "Death to { ISIS + TURKEY }". The hacker claimed affiliation with the KurdLinux_Team and provided a contact email address within the defacement message. All compromised sites ran on the Drupal content management system and remained offline at the time of initial media reporting. Zone-H defacement mirror records documented the attacks, with timestamps confirming the May 26 compromise date.

The attacker subsequently recorded a video demonstration of the defaced domains and uploaded it to YouTube on June 11, 2016, approximately two weeks after the initial incident. The political messaging reflected tensions between Kurdish populations and both ISIS forces operating in Syria/Iraq and the Turkish government, citing oppression of Kurdish communities as motivation. No technical details regarding the exploitation method or Dell's remediation efforts were disclosed in available reports. The incident exclusively impacted Dell's Entrepreneur-in-Residence program subdomains, with no evidence suggesting broader compromise of Dell's primary infrastructure or data exfiltration. The prolonged downtime of all five subdomains indicated sustained service disruption to this specific business initiative following the defacement.
