Pro-Iran Hackers Hijack Space Force Top Enlisted Leader’s Instagram
Pro-Iran hackers seized control of the official Instagram account of the U.S. Space Force’s most senior enlisted leader for several hours on Sunday evening, filling it with anti-American imagery before he regained access. The hack hit the Instagram account tied to Chief Master Sergeant of the Space Force John Bentivegna, the top enlisted guardian in the service, on the night of May 31, with at least one profile post and a string of Instagram stories pushing pro-Iranian messages.
The defacement was cosmetic and short-lived. It also landed in the middle of a months-long run of Iran-linked operations aimed squarely at the digital lives of American troops, from leaked phone-location data to compromised industrial controllers across U.S. critical infrastructure.
How a Guardian’s Account Got Defaced for an Evening
The intrusion appears to have been limited to a single platform. Bentivegna’s account carried pro-Iranian art as a profile post, and several stories with anti-American captions went up across the evening before screenshots spread fast across military Reddit threads and social media. By around 1 a.m. Eastern on Monday, the added stories and posts were gone, and none of his earlier content appeared to have been altered.
Bentivegna acknowledged the breach publicly, posting on Facebook (Meta owns both platforms) that he was working to recover the account. He treated it less as a national-security event than as a teachable moment about everyday account security.
“If you receive any direct messages, requests, links, or unusual posts from that account, please do not engage with them. Experiences like this are a good reminder that cybersecurity isn’t just an issue for organizations, it’s something we all deal with in our daily lives.”
That warning matters because account takeovers are most dangerous in the minutes after they happen, when a trusted name can push a malicious link to thousands of followers. Space Force and the Department of the Air Force did not immediately respond to requests for comment on how the account was breached or whether other senior leaders were targeted.
The Posts That Went Up, and Who They Referenced
Whoever ran the account knew their cultural references. One story riffed on the “Battle of the Bastards” episode of HBO’s “Game of Thrones,” a piece of pop-culture shorthand for an outmatched force charging into a slaughter. The framing was the message.
Another story carried footage of Ali Larijani, described in the original reporting as the late secretary of Iran’s Supreme National Security Council, who according to that account was killed on March 17 during the ongoing American and Israeli war with Iran. Pairing a defaced U.S. military account with a slain Iranian official is the kind of symbolic trophy that influence operations are built to generate.
The most pointed clip reached back six decades. It used audio from Trinh Thi Ngo, the broadcaster better known as “Hanoi Hannah,” who delivered English-language propaganda to American troops during the Vietnam War. The story was captioned with a Farsi warning that translated to a blunt threat: this is your fate if you get close to the Middle East.
None of it required a sophisticated breach of a classified system. It required one consumer account and an audience primed to share the screenshots, which is exactly what happened.
Why an Influence Stunt Beats a Network Breach
For a state-aligned actor, hijacking a general officer’s or a senior enlisted leader’s personal social feed is cheap, fast, and loud. There is no need to crack a Defense Department network when a reused password or a phished login on a commercial app delivers a headline-grade humiliation. The payoff is measured in screenshots, not stolen files.
That logic is why U.S. agencies have spent the spring warning that Iran-aligned activity tends to lean on the easiest available door. In a joint federal advisory on potential Iranian cyber activity, the Cybersecurity and Infrastructure Security Agency (CISA, the U.S. government’s lead civilian cyber defense agency) and its partners flagged low-sophistication, high-visibility operations as a hallmark of the moment, including website defacements and account compromises meant to project reach rather than steal secrets.
A Pattern Bigger Than One Hacked Account
The Bentivegna takeover reads differently once it sits next to the other operations U.S. officials have confirmed this year. The common thread is not a single network. It is the individual service member, tracked, profiled, or impersonated through commercial tools and consumer platforms that sit outside the military’s hardened systems.
From Personal Feeds to Industrial Controllers
On April 7, CISA, the FBI and partner agencies issued an advisory on Iranian-affiliated targeting of programmable logic controllers (PLCs), the small industrial computers that run water, energy and government facilities. The advisory described actors manipulating internet-exposed devices and the data shown on operator screens, with some victims reporting operational disruption and financial loss since at least March.
That is the heavy end of the campaign. The Instagram defacement is the light end. Both serve the same purpose during wartime: signal that no surface is too small or too symbolic to touch.
The Targeting Has History
None of this is new for Tehran-linked groups. In 2021, Meta dismantled a network it tied to a group known as Tortoiseshell, which used roughly 200 fake accounts posing as recruiters, journalists and aerospace employees to befriend and phish nearly 200 U.S. military personnel and defense workers. The vector then was the same as now: a consumer platform and a human being, not a Pentagon firewall.
| Operation | Vector | Target | Confirmed by |
|---|---|---|---|
| Bentivegna account takeover | Instagram account compromise | Senior enlisted leader | Bentivegna (public post), May 2026 |
| Commercial location tracking | Purchased phone-location data | Deployed troops | CENTCOM to Congress, April 2026 |
| PLC manipulation | Internet-exposed controllers | Water, energy, government sites | CISA advisory AA26-097A, April 2026 |
| Tortoiseshell phishing | Fake social personas | Military, defense, aerospace | Meta takedown, 2021 |
What the Pentagon Hasn’t Fixed
The most consequential disclosure of the season had nothing to do with Instagram. In a bipartisan letter to the Defense Department’s chief information officer, Oregon Senator Ron Wyden and 13 other lawmakers revealed that U.S. Central Command had told Congress, in a document dated April 14, that it “received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.” It was the first time the department acknowledged adversaries using bought location data against troops in an active war zone.
Wyden’s central complaint was not the threat itself but how long it has been ignored. The letter noted that Pentagon officials have understood the risk for at least a decade, going back to contractor demonstrations that tracked special operations forces in Syria, and that the department still had not required an available opt-in setting to disable the unique advertising identifiers that let data brokers follow individual phones.
“DoD has known about this serious threat for over a decade, but has failed to adopt commonsense cyber defenses that are recommended by federal agencies,” Wyden wrote. New Mexico Senator Martin Heinrich, a co-signer, pressed the department to adopt the safeguards that privacy advocates have urged for years.
The Soft Underbelly Is Personal Devices
Put the pieces together and a picture emerges that the screenshots alone miss. Hardened military networks are a tough target. The personal phone, the reused password, the public-facing social account: those are where the war keeps spilling over.
- Turn on multi-factor authentication on every account, ideally with an authenticator app or hardware key rather than text-message codes.
- Use unique, long passwords stored in a manager, since a single reused credential is the most common path into a takeover.
- Disable ad-tracking identifiers on personal phones and limit location permissions to apps that genuinely need them.
- Treat unexpected direct messages, links and recruiter pitches as hostile until proven otherwise, the exact pattern Tortoiseshell exploited.
A few quick stats frame how lopsided the exposure has become:
- Several hours was all it took for the hijacked account to broadcast hostile content to a verified military audience.
- 14 lawmakers signed the bipartisan warning about commercial location data reaching foreign adversaries.
- 10-plus years is how long the Pentagon has reportedly known location tracking could put troops in a targeting reticle.
- 200 accounts made up the earlier Tortoiseshell network built to phish service members one conversation at a time.
Bentivegna got his account back by Monday morning, and the propaganda came down. The harder question is whether the next compromised login belongs to someone with more to lose, and whether the basic defenses are in place before it does.
