Turkish hackers have hit 30 organisations, including government ministries, embassies and security services as well as companies and other groups. Victims have included Cypriot and Greek government email services and the Iraqi government’s national security advisor.
The attacks use DNS hijacking potentially enabling hackers to obtain illicit access to the networks of government bodies and other organisations.
Turkey was identified based on the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey. The infrastructure and servers used were registered in Turkey.
The Cypriot, Greek and Iraqi attacks occurred in late 2018 or early 2019. A broader series of attacks is ongoing, according to the officials as well as private cybersecurity investigators.
Other victims included Albanian state intelligence, according to the public internet records. Albanian state intelligence had hundreds of usernames and passwords compromised as a result of the attacks, according to one of the private cybersecurity investigators, who was familiar with the intercepted web traffic.
Civilian organizations in Turkey have also been attacked, the records show, including a Turkish chapter of the Freemasons, which conservative Turkish media has said is linked to US-based Muslim cleric Fethullah Gulen accused by Ankara of masterminding a failed coup attempt in 2016.