Social media is a critical tool for the military to attract talent.
For the Space Force, Instagram allows it to reach the tech-savvy generation of talent by highlighting potential careers in space operations and in related STEAM fields. It also serves as a platform to explain daily operations to the wider public.
However, this week, the Space Force and Instagram are in the news for a very different reason – one that the newest branch of the military likely would have wanted to avoid. A senior uniformed official’s Instagram account was hacked, and it temporarily posted a string of “pro-Iran and anti-U.S. propaganda on Sunday, some of it invoking the Vietnam War,” CNN first reported.
The account of Chief Master Sgt. John Bentivegna, the top enlisted guardian in the Space Force, was hacked, with videos posted that criticized the ongoing conflict in the Middle East. It included audio from “Hanoi Hannah,” an infamous Vietnam War propagandist.
Bentivegna confirmed that his Instagram account was hijacked in a post on Facebook, where he warned his colleagues not to click on any links or to engage with the videos.
“We are working with the appropriate teams to regain access and resolve the issue as quickly as possible,” Bentivegna explained.
Troop Tracking Is Also Happening
The news of this hacking incident comes as Wired magazine also reported this week that Pentagon officials knew that U.S. military personnel could be tracked via their mobile and smart devices.
In April, U.S. military personnel, civilian employees, and others received a threat via a text message from Iranian hackers, CNN warned.
“Your identities are fully known to our missile units, and every move you make is under our surveillance,” one message is reported as stating.
These threats also follow the breach in March of the personal email account of FBI Director Kash Patel, in which some of his old photos and emails were leaked.
“We should be concerned but not surprised. Hackers are working 24/7/365 to find gaps in our security,” said Lt. Gen. Ross Coffman (U.S. Army, Ret.), president of Forward Edge-AI.
“My accounts have been copied 100s of times to extort money from unsuspecting good people,” Coffman told ClearanceJobs. “Leaders must stay vigilant and change passwords often. Additionally, leaders should never use social media to communicate information to those without a need to know.”
The CyberCaliphate
This week’s incident does bring to mind the January 2015 cyberattack in which a hacking group dubbed the “CyberCaliphate,” which claimed to have allegiance to ISIS, briefly took control of the U.S. Central Command’s (CENTCOM’s) Twitter and YouTube accounts.
The group posted threatening messages and leaked unclassified military documents before control of the accounts was regained.
Last summer, it was confirmed the Chinese-linked hacker collective known as Salt Typhoon had breached an Army National Guard network, exposing credentials and network diagrams over nine months in 2024. During a period from 2023 to 2024, Salt Typhoon was suspected of stealing more than 1,409 network configuration files associated with approximately 70 U.S. government and critical infrastructure entities from 12 sectors, including energy, communications, transportation, and water and wastewater.
The group, known alternatively as Red Mike, previously carried out a cyber espionage campaign against Western and Asian telecommunication companies. In February 2025, the group, believed to be working at the behest of Beijing, accessed the networks of AT&T, Verizon, and Lumen Technologies, notably the systems used by federal authorities for court-approved eavesdropping.
The New Threat Vector
Such attacks are likely to get worse, thanks to the emergence of more advanced technologies.
“AI chatbots are now an attack surface that didn’t exist three years ago. But what happened here is an authorization failure, not phishing. The attacker didn’t pretend to be a legitimate actor, steal a password or compromise an email account. Instead, they convinced an AI agent to perform a privileged action: adding a new email address and triggering a password reset to the new one. And the agent did it,” warned Dan Moore, senior director of CIAM strategy and identity standards at FusionAuth.
Moore told ClearanceJobs that there was no verification that the person making the request owned the account that was being changed. That’s the gap that needs to be filled, which should be easy to do.
“For public officials or anyone else with a high-value account, the practical moves are straightforward. Use a hardware security key as a second factor where the platform supports it,” Moore continued. “Prefer an email, push notification or TOTP second factor where possible. Avoid SMS-based second factors for high-value accounts. Make sure your recovery email is an account you control and monitor.”
Moore also suggested that a more pertinent question is whether Meta should have even let an AI agent have unmonitored write access to modify sensitive profile data like the account recovery email in the first place.
“The answer to that question is clearly no, but fixing it takes more than adding a security key to your account,” he acknowledged.
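The missing check Moore describes, verifying that the requester owns the account before an agent changes its recovery email, can be sketched as a server-side gate on agent tool calls. This is an added example, not code from Meta, FusionAuth or the article; every name in it (`SENSITIVE_ACTIONS`, `issue_stepup_token`, `authorize_tool_call`) is hypothetical and the key is constructed for the demo.

```python
import hashlib
import hmac
import time

# All names here are hypothetical; the key is constructed for this example.
SERVER_KEY = b"constructed-demo-key"      # a real key would live in a KMS/HSM
SENSITIVE_ACTIONS = {"add_recovery_email", "trigger_password_reset"}
STEPUP_TTL = 300                          # seconds a step-up proof stays valid

def _mac(account_id, action, ts):
    msg = f"{account_id}|{action}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_stepup_token(account_id, action, now=None):
    """Issued by the auth service only after the owner passes a second factor."""
    ts = int(now if now is not None else time.time())
    return f"{ts}.{_mac(account_id, action, ts)}"

def _valid_stepup(token, account_id, action, now):
    try:
        ts_str, mac = token.split(".", 1)
        ts = int(ts_str)
    except (AttributeError, ValueError):
        return False                      # missing or malformed proof
    expected = _mac(account_id, action, ts)
    fresh = 0 <= now - ts <= STEPUP_TTL
    return fresh and hmac.compare_digest(mac.encode(), expected.encode())

def authorize_tool_call(session, call, now=None):
    """Decide whether an agent-proposed tool call may run.

    session: server-side state of the authenticated user, never chat text.
    call:    what the agent wants to do, derived from the conversation
             and therefore untrusted.
    """
    now = int(now if now is not None else time.time())
    if session.get("account_id") is None:
        return (False, "unauthenticated")
    if call["target_account"] != session["account_id"]:
        return (False, "target account is not the authenticated account")
    if call["action"] in SENSITIVE_ACTIONS and not _valid_stepup(
        session.get("stepup_token"), call["target_account"], call["action"], now
    ):
        return (False, "step-up verification required")
    return (True, "ok")
```

The proof is bound to one account, one action and a short time window, so nothing said in the conversation can stand in for it.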
The Asymmetric Warfare
The United States military has repeatedly suggested that Iran’s ability to wage war has been greatly diminished. However, the fact remains that cyberattacks are a form of asymmetric warfare, where Tehran’s threat actors can still do considerable damage.
In this case, it was a propaganda coup, but next time, it could be far worse.
“The Meta story is a good illustration of why. You had a couple of high-profile accounts taken out by an attack that probably took less than an hour to execute,” Moore warned. “That cost asymmetry—low effort, high-visibility damage—is exactly what makes cyber such an effective tool for actors who can’t compete symmetrically.”
Moore told ClearanceJobs that what is also interesting is where the leverage came from.
“The attacker didn’t crack a password or compromise a mail server. They found a gap in how an AI agent was authorized to act on someone’s behalf. That’s a new category of exposure, right? And my hypothesis is we’re going to keep seeing it—because every time a service layer gets an AI capability, someone has to ask whether the identity model behind it was actually designed for that,” Moore continued. “Curiosity and a VPN turned out to be enough here. That’s a low bar.”



