Both of the attackers are still at large but face up to ten years in prison and fines up to $250,000 if convicted in the US. Website defacements are on the lower end of the spectrum of harm for cybercrime. Typically, defacement attacks are carried out by those that are protesting an event. Many times, the websites are restored to normal quickly with little to no downtime on their end. In many cases, these attackers are leveraging known vulnerabilities within a website to gain access. It is critical to make sure all systems are patched and up to date. Access can also be achieved by using compromised credentials. This could happen through re-used passwords that have already been leaked or stolen through spear-phishing campaigns. Making sure individuals in your company only have access to the systems they need to will make it harder for an attacker to target the correct individual.

More can be read here: https://www.zdnet.com/article/us-charges-two-hackers-for-defacing-us-websites-following-soleimani-killing/