As I saw on Your Drupal post, it seems to be clear that Q2A is not responsible for this failure. As well I read that they hacked the whole server where Your sites are on, this may be the result of any other install on this server, mostly caused by old cms which their owners forgot about. This is so, because popular scripts are much more often targeted by these hackers.
But, You really should think about Your hoster ! If it would be just Your sites it would be kind of "normal" . But if the hacker made it through the whole server, Your hoster seems to have bad security configurations.
Besides, this kind of hack is the better one, as they only changed the index files. These hackers see it as kind of sports to brake up as much sites as possible. And, just because it says it is kurdish, does not mean that it is kurdish.
I had the same problem a few years ago. I had to replace everything, as the hackers hided some program parts deep inside my folders. I as well needed the hosters help to delete some of their files.
However, good luck with this and thank You for the fast alert.
monk333
