One of the subdomains of former US President Donald Trump's website was defaced by a hacker or hacker group, called RootAyyildiz, claiming responsibility. The attackers posted an excerpt from the Surah Al-Hashr from the Quran on the defaced website, as well as a video of Recep Tayyip Erdogan.
A snapshot from 18 October 2021 showing the hacked "action" subdomain of Donald Trump's website
© Photo : Screenshot
The hacker changed the "action" subdomain of the ex-POTUS' website, where Trump posted calls for his followers to sign petitions or urged them to ask his campaign questions. Right now, this part of Trump's website is down and redirects to the main page. However, the site's archive on the website Wayback Machine suggests that it has been up and down throughout most of September and October.
An earlier snapshot showing the hacked "action" subdomain of Donald Trump's website as of 10 October 2021
© Photo : Screenshot
The earlier snapshots of the "action" subdomain show that hackers defaced the website at some point in October. One of the earlier versions contained only a reference to the Surah Al-Hashr from the Quran, which was later seen in full on Trump's website, saying "this happens when you forget Allah". This earlier version of the hacked subdomain also attributed the attack not only to "RootAyyildiz", but also to "1877 TEAM".
Little is known about RootAyyildiz – their Facebook page identifies them as a "Turkish Defacer", while in one of their earlier defacing efforts they also identified themselves as the "Muslim Defacer". The online media outlet Motherboard contacted the hacker, who explained that the defacing was their way of making their voice heard.
"There are many areas of hacking attacks, for example, hacking social media accounts or websites, I am a hacktivist and I have been working on websites for a long time and I choose this management to have my voice heard", RootAyyildiz told the Motherboard.
The hacker also explained that they used Server Side Template Injection (SSTI) to hack Donald Trump's website. SSTI is an attack, where a cyberintruder replaces part of the website's code to change its contents with something of their own design. RootAyyildiz claims to have been in control of the hacked domain for three months, but snapshots of the website show it untouched as of early September.
Donald Trump and his team have not yet commented on the reports about the subdomain of their website being hacked.