Reuters: Turkey-linked hackers have been targeting governments and organizations in Europe and the Middle East since early 2018 to steal sensitive information
Turkey-linked hackers have been targeting governments and organizations in Europe and the Middle East since early 2018 to steal sensitive information. This has been revealed by some cyber security experts. According to Reuters, the threat actor attacked at least 30 targets. Victims include Cypriot and Greek government email services and the Iraqi government’s national security advisor. The TTPs involve the hackers intercepting internet traffic to targeted websites, potentially enabling them to obtain illicit access to the networks of government bodies and other organisations. According to two British officials and a US official, the activity bears the hallmarks of a state-backed cyber espionage operation to advance Turkish interests. The conclusion is based on three elements: the identities and locations of the victims, which included governments of countries geopolitically significant to Ankara; similarities to previous attacks that used infrastructure registered from Turkey; and information contained in confidential intelligence assessments.
The threat actors exploited DNS hijacking to infiltrate networks and steal sensitive information
According to the cyber security experts, the Turkish-linked attacks highlight a weakness in a core pillar of online infrastructure that can leave victims exposed to attacks outside their own networks, making them difficult to detect and defend against. The hackers, as Iranians did before, used DNS hijacking. This involves tampering with the Domain Name System (DNS), which enables computers to match website addresses with the correct server. By reconfiguring parts of this system, hackers are able to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there. Reuters reviewed public DNS records, which showed when website traffic was redirected to servers identified by private cyber security firms as being controlled by the hackers. All victims had traffic to their websites hijacked, often traffic visiting login portals for email services, cloud storage servers and online networks.
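The following is an added example, not code from Reuters or the original article: a sketch of the kind of check that historical DNS records make possible, flagging the windows in which a login hostname or its name servers pointed outside a known-good baseline. The hostnames, addresses, timestamps and the baseline format are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Known-good records per name (constructed; documentation-reserved values).
BASELINE = {
    "example.gov": {"NS": {"ns1.example.gov", "ns2.example.gov"}},
    "mail.example.gov": {"A": [ip_network("192.0.2.0/24")]},
}

# Constructed passive-DNS rows: (first_seen, last_seen, name, type, value).
HISTORY = [
    ("2018-01-01T00:00", "2018-12-19T08:00", "example.gov", "NS", "NS1.example.gov."),
    ("2018-11-01T00:00", "2018-12-19T08:00", "mail.example.gov", "A", "192.0.2.10"),
    ("2018-12-19T08:05", "2018-12-19T14:40", "example.gov", "NS", "ns1.rogue-dns.example."),
    ("2018-12-19T08:10", "2018-12-19T14:35", "mail.example.gov", "A", "203.0.113.77"),
    ("2018-12-19T14:45", "2019-02-01T00:00", "mail.example.gov", "A", "192.0.2.10"),
]


def is_expected(name, rrtype, value, baseline):
    """True if the observed record matches the baseline for that name/type."""
    allowed = baseline.get(name.lower().rstrip("."), {}).get(rrtype)
    if allowed is None:
        return True  # no baseline for this name/type: not evaluated here
    if rrtype == "A":
        return any(ip_address(value) in net for net in allowed)
    return value.lower().rstrip(".") in allowed  # host names: case/dot-insensitive


def redirect_windows(history, baseline):
    """Return the observation windows in which a record left the baseline."""
    findings = []
    for first, last, name, rrtype, value in history:
        if is_expected(name, rrtype, value, baseline):
            continue
        start, end = datetime.fromisoformat(first), datetime.fromisoformat(last)
        findings.append({
            "name": name, "type": rrtype, "value": value, "start": start,
            "minutes": int((end - start).total_seconds() // 60),
        })
    return sorted(findings, key=lambda f: f["start"])


if __name__ == "__main__":
    for f in redirect_windows(HISTORY, BASELINE):
        print(f"{f['start']:%Y-%m-%d %H:%M} {f['name']} {f['type']} -> "
              f"{f['value']} for {f['minutes']} min")
```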