A recent wave of cyberattacks targeting governments and other organizations in the Middle East and Europe are believed to be the work of hackers acting in the interests of the Turkish government, Reuters revealed on Monday, citing three senior Western security officials.
The hackers targeted at least 30 organizations with government ministries, embassies and security services as well as companies and other groups among the victims, including Cypriot and Greek government email services and the Iraqi government’s national security advisor, according to public internet records reviewed by Reuters.
To gain an unauthorized access to the networks of government bodies and other organizations the hackers attempted to intercept internet traffic to victim websites using a technique known as DNS hijacking (DNS redirection), a type of cyberattack, which involves fiddling with DNS queries in order to redirect users to malicious sites.
This allowed hackers to redirect visitors to imposter websites, such as a fake email service, and collect passwords and other information entered there, the news agency said.
While it is not clear, which specific individuals or organizations are behind the malicious activities, the officials believe that the waves of attacks are linked because they “all used the same servers or other infrastructure”.
According to the officials, the campaign bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests. The experts came to this conclusion based on the identities and locations of the victims; the use of infrastructure registered from Turkey that was previously linked to similar attacks; and information contained in confidential intelligence assessments that they declined to detail.
The attacks against Cyprus, Greece and Iraq occurred in late 2018 or early 2019, Reuters said citing public internet records with a broader series of attacks that are ongoing.
Turkey’s Interior Ministry declined to comment on the allegations, Reuters said. A senior Turkish official said that Turkey was itself frequently a victim of cyberattacks.