In the last few hours, Turkish hackers of the AKINCILAR team have been carrying out high-profile online attacks against Greek critical infrastructure and Ministries!
According to reports found by SecNews editors in foreign information-exchange forums, unknown hackers (possibly guided by government agencies in the neighboring country) proceeded to add or alter both central and internal webpages, while posting messages. The Turkish hackers have been carrying out their massive attacks since 24 December 2018, while those responsible appear not to have detected the malicious attacks as of this writing.
The websites of the Greek Ministries and Services still seem to be under the control of the Turkish hackers of AKINCILAR. The preliminary stages of the attacks against Greek targets by the Turkish AKINCILAR hackers team appear to have started on 24/12/2018.
The timeline of the attack by AKINCILAR
The Turkish hackers initially struck smaller targets to probe the systems for vulnerabilities before clearly indicating their presence with prominent website defacements. The first target was the website http://dimosio2020.gov.gr, which is essentially a public information website for the National Strategy of the Ministry of Administrative Reconstruction.
Then, in a way that remains unknown (probably using passwords obtained from the first target), the attackers successfully hit the following targets:
- https://sports.ert.gr [ERT Sports News Website]
- https://int.ert.gr [ERT International News Website]
- https://proskliseis.ert.gr [ERT Content Website]
- https://socialgrowth.ert.gr [Now offline]
At the same time, alteration of web pages was observed on websites of the Ministry of Interior, namely:
- http://websdit.ypes.gr [THESEAS Public Private Partnership]
- http://efc.ypes.gr [Europe for Citizens program 2014-2020]
- http://eyc2013.ypes.gr [European Year of Citizens 2013]
- http://gis.ypes.gr [Integrated Geographical Information System GIS]
Turkish government hackers seem to have spotted weaknesses in the web servers, enabling them, with specialized tools (which do not require much knowledge), to gain full access with administrator permissions on the servers and add altered content.
The following picture / message was placed on all the defaced web pages:
This is a barrage of attacks on high-profile targets which directly or indirectly concern the Greek Government.
Right now, whoever visits some of the mentioned websites sees the above content. The image of the tank accompanies the phrase "One night we can come", written in Turkish, threatening a new disaster.
"From here, we warn those who are out of bounds and we remind you that the history of the 7/09/1922 events can be repeated," they state in the photo.
Who are the AKINCILAR Turkish hackers?
The AKINCILAR hackers, according to information available to SecNews, are reported to be a small and flexible group of cyber warriors (Akincilar Cyber Warrior), directly related to the President of Turkey, Recep Tayyip Erdogan. The group, whose members call themselves "Pro-hackers loyal to Erdogan", is said to receive orders to carry out cyberattacks against high-profile targets at the behest of persons close to the president's associates.
Most of the time, their attacks are guided by the political developments concerning the neighboring country, but also by events related to its foreign policy and diplomacy. In addition to website defacement attacks, this group carries out Denial of Service (DDoS) attacks as well as attacks on mass data.
The AKINCILAR team is the cyber warrior (TW) specialized cyber-attack group of the Turkish Hacking Group. The group was founded in 1999, with its first serious cyber attack in 2003, when they massively attacked 1500 American websites, altering their content as a protest against the American invasion of Iraq, but also against the arrest of a Turkish agent in the north of Iraq, who was interrogated by the US Army.
The team has subgroups on strategy, intelligence and intelligence, research and development and logistics. Their expert group on cyber attacks is Akincilar. The sub-group mainly targets government websites and networks, while it has the ability to develop its own cyber weapons or to improve those of other (third-party) developers. In addition, they have organized a Cyberwar Academy where they provide online training to their new members!
From time to time, hacking methodologies have been reported in their private information-exchange forums: a) how to hack into Gmail accounts and b) how to attack satellite and air systems (!).
The same group of Turkish hackers, associated with the president of Turkey, claimed last week that it had taken down the Foreign Ministry's website and gained access to e-mails of diplomats, which was not confirmed by the Greek side, while a statement was issued by the Foreign Ministry.
From the relevant material that was published publicly, and after studying it, despite the denial by the Ministry's staff, we found that the Turkish hackers had gained unauthorized access to the mail accounts of diplomats and employees of the Ministry (specifically on the Zimbra server).
The SecNews technical team's assessment is that there is currently an active phishing attack against critical government infrastructure, aiming to extract passwords from officials or employees of Ministries & Organizations.
The aim of the cyber warriors in Turkey is to provoke a reaction from the Greek government, following pressure from the media and in the face of nationalist outrage, while sending out a loud message about their cyber warfare capabilities for both spying and sabotage.
Immediate action by those responsible - The attacks have not been detected!
The targeted information systems are, as we found, on the Syzefxis network, which serves almost all of the public sector and is structured (theoretically at least) according to all modern security controls.
As we have often mentioned in the past, Syzefxis as a provider is basically not responsible for managing the servers of each organization, but simply provides the access medium. Comprehensive care should be taken to secure at least the organizations that manage sensitive personal data, drawing on the expertise of Syzefxis management staff who are properly trained and responsible for security issues.
The responsible administrators of the targeted websites should IMMEDIATELY take the necessary measures and repair the technical weaknesses used by the hackers to gain unauthorized access. Servers that seem to have been hit by the cyber attack should be taken off the network and analyzed thoroughly for digital evidence, to identify the exact way the intrusion took place and to remove the attackers if they have infiltrated other servers in the network under investigation.
It appears that the attackers exploited a weakness in the administration of the CMS with which the websites were built. Especially for the Geographical Information website of the Ministry of Interior, it has to be investigated whether data containing personal data of employees or citizens has been extracted.
In addition, our assessment is that the relevant bodies and the Privacy Authority need to be informed, mainly with regard to the GDPR legislation, since it is unclear whether the hackers have access to personal data of employees or citizens!
We call upon the relevant IT departments of the Ministries and Organizations that were targeted by the AKINCILAR hackers team to take immediate measures and regain access to the servers, as well as to provide notifications if personal data of employees or Greek citizens has leaked!