Hackers acting in Turkey’s interests suspected in global cyberattacks - Reuters
A string of cyberattacks against governments and other organisations in the Middle East and Europe are believed to have been carried out by hackers acting in the interests of the Turkish government, Reuters said on Monday citing three senior Western security officials.
The attacks against 30 organisations, including embassies, government ministries and security services as well as companies and other groups, have included Cypriot and Greek government email services and the Iraqi government’s national security advisor, according to public internet records, it said.
The hackers worked to intercept internet traffic to victim websites and potentially enabling hackers to obtain illicit access to the networks of government bodies and other organisations.
The activity bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests, Reuters cited two British and one U.S. official as saying.
The officials arrived at the conclusion from the fact that the identities and locations of the victims including governments of countries that are geopolitically significant to Turkey, similarities to previous attacks that they maintain used infrastructure registered from Turkey and information contained in confidential intelligence assessments, which they refused to detail, it said.
While it is not clear which specific individuals or organisations were responsible, the official said, the believe the waves of attacks are linked because ‘’they all used the same servers or other infrastructure’’.
While Turkey’s Interior Ministry declined to comment on the allegation, a senior Turkish official responded indirectly by said Turkey was itself frequently a victim of cyberattacks.,
The attacks against Cyprus, Greece and Iraq identified by Reuters all occurred in late 2018 or early 2019, Reuters said citing public internet records with a broader series of attacks that are ongoing.
Western officials and private cybersecurity experts have identified the method used by the hackers as DNS hijacking, Reuters said, which involved ‘’tampering with the effective address book of the internet, called the Domain Name System (DNS), which enables computers to match website addresses with the correct server’’.
This, in turn, allowed hackers to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there, it said.
The attacks have been occurring since at least early 2018, the records show, with that include Albanian state intelligence and civilian organisations in Turkey, such as the Turkish chapter of the Freemasons, which conservative Turkish media links to the U.S.-based Muslim cleric Fethullah Gülen, accused by the Turkish government of orchestrating the failed coup attempt of July 2016.