Cyber Incident Victim: Arizona Army National Guard
Date: Feb 2015
Location: United States of America
Summary
A subdomain of the Arizona Army National Guard's Environmental Division website, operated by the state's Department of Emergency and Military Affairs, was compromised and defaced by the Bangladeshi hacker group 3xp1r3 Cyber Army. The attackers replaced the site's content with a message criticizing its weak security measures and claiming responsibility for the breach. The defacement rendered the affected subdomain temporarily inaccessible, displaying an error message. The incident targeted a component of the broader military and emergency management infrastructure, which includes joint programs and emergency response divisions. The hackers publicly shared proof of the compromise through defacement mirrors and screenshots.
Description
On February 2, 2015, the 3xp1r3 Cyber Army, a hacking group identified as originating from Bangladesh, compromised a subdomain (ems.azdema.gov) belonging to the Arizona Army National Guard’s Environmental Division. This subdomain was part of the Arizona Department of Emergency and Military Affairs (DEMA), which oversees the state’s Army and Air National Guard, emergency management, and joint programs. The attackers replaced the legitimate content with a defacement page displaying a message criticizing the site’s security posture. The message read: “3xp1r3 Cyber Army, We never give up! HACKED! Dear Admin, The security of your site is too low. Secure it! GreeTs To My beloved brothers of 3xp1r3 Cyber Army.” The hackers provided proof of the breach through a mirror link on Zone-H, a platform documenting website defacements. The incident targeted a publicly accessible subdomain, though the articles did not specify the exact vulnerability exploited or whether sensitive data was accessed beyond the defacement.

The attack disrupted access to the Environmental Division’s subdomain, which returned a 403 Forbidden error by February 6, 2015, when media reports documented the incident. This error indicated the site had been taken offline or restricted, suggesting DEMA administrators initiated containment measures. No additional technical details about the attack vector, duration of unauthorized access, or internal detection methods were disclosed in the available sources. Similarly, the articles did not describe broader operational impacts on DEMA or the National Guard, such as interruptions to emergency management functions or military readiness. Brigadier General Michael T. McGuire led DEMA at the time, but no official statements from him or the department regarding remediation efforts, forensic investigations, or coordination with law enforcement were cited. The defacement primarily served as a symbolic act of criticism against the site’s security, with no confirmed data exfiltration or secondary attacks mentioned in the reporting.
