28 January 2020

Turkish government hackers believed to be responsible for a string of cyberattacks in Europe and the Middle East


Turkish government hackers believed to be responsible for a string of cyberattacks in Europe and the Middle East

A recent wave of cyberattacks targeting governments and other organizations in the Middle East and Europe are believed to be the work of hackers acting in the interests of the Turkish government, Reuters revealed on Monday, citing three senior Western security officials.

The hackers targeted at least 30 organizations with government ministries, embassies and security services as well as companies and other groups among the victims, including Cypriot and Greek government email services and the Iraqi government’s national security advisor, according to public internet records reviewed by Reuters.

To gain an unauthorized access to the networks of government bodies and other organizations the hackers attempted to intercept internet traffic to victim websites using a technique known as DNS hijacking (DNS redirection), a type of cyberattack, which involves fiddling with DNS queries in order to redirect users to malicious sites.

This allowed hackers to redirect visitors to imposter websites, such as a fake email service, and collect passwords and other information entered there, the news agency said.

While it is not clear, which specific individuals or organizations are behind the malicious activities, the officials believe that the waves of attacks are linked because they “all used the same servers or other infrastructure”.

According to the officials, the campaign bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests. The experts came to this conclusion based on the identities and locations of the victims; the use of infrastructure registered from Turkey that was previously linked to similar attacks; and information contained in confidential intelligence assessments that they declined to detail.

The attacks against Cyprus, Greece and Iraq occurred in late 2018 or early 2019, Reuters said citing public internet records with a broader series of attacks that are ongoing.

Turkey’s Interior Ministry declined to comment on the allegations, Reuters said. A senior Turkish official said that Turkey was itself frequently a victim of cyberattacks.

Back to the list

Latest Posts

PayPal customers hit with fraudulent charges via Google Pay

PayPal customers hit with fraudulent charges via Google Pay

It's not clear what vulnerability is being exploited, but the issue may be related to a bug reported to PayPal a year ago.
25 February 2020
Croatia’s largest petrol station chain joins list of victims of ransomware attacks

Croatia’s largest petrol station chain joins list of victims of ransomware attacks

The CLOP ransomware family is suspected to be involved in the attack.
21 February 2020
WordPress ThemeREX plugin flaw is being actively exploited to create rogue admin accounts

WordPress ThemeREX plugin flaw is being actively exploited to create rogue admin accounts

The flaw in the ThemeREX Addons plugin can be used to remotely execute code on websites.
20 February 2020