The website of the Texas Department of Agriculture was briefly defaced Tuesday morning, its usual contents replaced with an image of Qassem Soleimani, the Iranian general who was killed last week in a U.S. airstrike. A group of hackers referring to themselves as “Shield Iran” claimed credit.
While the department’s site has since been restored, the defacement is similar to other attacks on U.S.-based websites in the days following President Donald Trump’s order to kill Soleimani, who commanded Iran’s Quds Force. Over the weekend, a website belonging to the U.S. Government Publishing Office was defaced with a similar message. The website of the Southern Alabama Veterans Council, a nonprofit group, was also targeted on Tuesday.
Vice News was first to report the defacement of the Texas Department of Agriculture’s site.
Website defacements are typically low-level attacks that are often politically motivated. According to SiteLock, a website-protection company, hackers carrying out defacements often seek contact forms, comment boxes or unprotected source code into which they inject spam or malicious code.
“The more entry points your website has, the easier it will be for attackers to gain access,” the company says.
On Friday, the Multi-State Information Sharing and Analysis Center issued an advisory to its members in state and local government IT agencies to raise their guards against malicious activity that could be originating from the Iranian government, which is known to carry out both distributed-denial-of-service attacks and “wiper” attacks, which irreparably destroy networks and files.
U.S. officials have not linked any of the website defacements to the Iranian regime, though several of the phrases that appeared below the image of Soleimani that briefly replaced the Texas Department of Agriculture’s site appeared in Google searches alongside references to Ashiyane, a defunct Iranian hacker forum. According to research published by Recorded Future in January 2019, the forum was managed by a contractor with “strong connections” to the Islamic Revolutionary Guard Corps, of which Soleimani’s Quds Force was an elite unit.
The Texas Department of Agriculture did not respond to requests for comment about the defacement. The Texas Department of Information Resources, the state’s IT agency, said late Tuesday that the website that was defaced is not hosted on its network, and that the Agriculture Department was able to respond to the attack and fix its website.
On Tuesday afternoon, Gov. Greg Abbott convened a meeting of the state’s terrorism task force, during which Abbott and Amanda Crawford, DIR’s executive director, said the state’s networks have logged as many as 10,000 contacts per minute with internet protocol addresses based in Iran in recent days, though the state government receives billions of “probes” every day. Crawford also said the state government does not know if any of the scans by Iranian IP addresses were directed by the Islamic Republic.
“We have no way of knowing whether anything is government-based or not or government-sanctioned,” she said, according to the Dallas Morning News.