Turkey Behind Major ‘State-Backed Cyber-Espionage’ Targeting Europe & Middle East

After prior widespread state cyber-espionage operations were revealed connected to both Iran and Saudi Arabia in the past months, a new bombshell Reuters investigation has exposed a new alleged Turkish government-linked hacking operation which has targeted organizations across Europe and the Middle East for the past two years. 

Citing multiple senior Western defense and security officials as well as public internet records the new report concludes at least 30 organizations ranging from government ministries to embassies to international companies have been targeted by hackers who appear to be doing the bidding of Turkey. Notably the Greek and Cypriot governments and their state email services have topped the list of targets.

The Cypriot government confirmed it was targeted as part of the operation but did not give details. Iraq’s government, specifically national security offices, were also identified in the report as a prime target. 

Security officials said that infrastructure registered in Turkey was used in the hacks, but did not reveal further details related to confidential intelligence assessments. 

But interestingly, at least one entity inside Turkey itself was allegedly hacked – a Turkish chapter of the Freemasons said to have ties to US-based Turkish opposition cleric Fethullah Gulen.

The DNS-hijacking campaign is said to be similar in methodology detailed in separate prior reporting related to Iran known as DNSpionage. Reuters explains and summarizes the alleged Turkish hackers’ methods as follows: 

The hackers used a technique known as DNS hijacking, according to the Western officials and private cybersecurity experts. This involves tampering with the effective address book of the internet, called the Domain Name System (DNS), which enables computers to match website addresses with the correct server.

By reconfiguring parts of this system, hackers were able to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there.

Reuters reviewed public DNS records, which showed when website traffic was redirected to servers identified by private cybersecurity firms as being controlled by the hackers. All of the victims identified by Reuters had traffic to their websites hijacked – often traffic visiting login portals for email services, cloud storage servers and online networks — according to the records and cybersecurity experts who have studied the attacks.

The new hacking revelations also come as tensions between Turkey and its longtime enemies Greece and Cyprus are soaring over Turkey oil and gas exploration and drilling in the eastern Mediterranean, which the EU says has illegally cut into both countries’ Exclusive Economic Zones (EEZ). 

A diplomatic row between Greece and Turkey has broken out into cyberspace, and hacktivists are on the warpath. Will enterprises end up as collateral damage? By Yotam Gutmanhttps://t.co/uUHCVVaCfZ #infosec #threatlandscape #cybersecurity #cyberspace #cyber #enterprises

— SentinelOne (@SentinelOne) January 23, 2020

Investigators took particular note of the victims and targets — all who appeared to be geopolitical enemies of Turkey, and in the case of Turkish-related groups targeted, they happened to be linked to the exiled Fethullah Gulen and/or his supporters. 

Gulen has remained an official enemy of the Turkish state under President Erdogan, who has consistently put pressure on Washington to arrest and transfer the opposition cleric back to Turkey.