Hackers acting in Turkish gov't interests believed to be behind recent cyberattacks

Reuters

Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, two British officials and one U.S. official said.

The hackers have attacked at least 30 organisations, including Cypriot and Greek government email services and the Iraqi government's national security advisor, the records show.

The officials said that conclusion was based on three elements: the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments that they declined to detail.

The attacks have involved intercepting internet traffic to victim websites, potentially enabling hackers to obtain illicit access to the networks of government bodies and other organisations.

The officials said it wasn’t clear which specific individuals or organizations were responsible but that they believed the waves of attacks were linked because they all used the same servers or other infrastructure.

Turkey’s Interior Ministry declined to comment. A senior Turkish official did not respond directly to questions about the campaign but said Turkey was itself frequently a victim of cyberattacks.

The Cypriot government said in a statement that the “relevant agencies were immediately aware of the attacks and moved to contain” them. "We will not comment on specifics for reasons of national security," it added.

No connection to Gülen

Civilian organisations in Turkey have also been attacked, the records show, including a Turkish chapter of the Freemasons, which conservative Turkish media has said is linked to U.S.-based Muslim cleric Fethullah Gülen accused by Ankara of masterminding a failed coup attempt in 2016.

The Great Liberal Lodge of Turkey said there were no records of cyberattacks against the hijacked domains identified by Reuters and that there had been “no data exfiltration.”

"Thanks to precautions, attacks against the sites are not possible," a spokesman said, adding that the cleric has no affiliation with the organisation.

The cleric has publicly denied masterminding the attempted coup, saying “it’s not possible,” and has said he is always against coups.

A spokesman for Gülen said Gülen was not involved in the coup attempt and has repeatedly condemned it and its perpetrators. Gülen has never been associated with the Freemason organization, the spokesman added.