Cyber Threat Actor: Aslan Neferler Tim

Aslan Neferler Tim, alsoknown as Lion Soldiers Team or ANT, is a hacker group that has publicly identified itself as operating from Turkey. The group uses the aliases Aslan Neferler Tim, Lion Soldiers Team, ANT, and Aslan Neferler Tim (ANT) in its communications and claims of responsibility. It describes its mission as defending Turkish national and religious interests without formal party political links, according to statements posted on its own social media profiles. The actor has been active since at least 2016, carrying out a series of disruptive actions against targets in Europe.

The group’s observed targeting focuses on governmental and political institutions, as well as critical infrastructure, primarily in Denmark and Austria. Incidents include denial-of-service actions against the Danish Ministry of Immigration and the Ministry of Foreign Affairs, the Austrian Parliament website, the Austrian National Bank’s web servers, and Vienna International Airport. Additionally, the group has referenced operations against the pro‑Kurdish Peoples’ Democratic Party (HDP) in Turkey. The stated objectives in the group’s own messages are to protest perceived anti‑Muslim sentiment, racism, or political positions such as opposition to Turkey’s European Union membership bid, framing the attacks as responses to specific public statements or policies.

Technically, Aslan Neferler Tim has employed distributed denial‑of‑service (DDoS) techniques that flood servers with excessive service requests, and in the case of the Austrian National Bank it used an email‑flood method reported as over five million emails per minute to overwhelm the system. The group relies on social media platforms such as Facebook and Twitter to announce responsibility and share screenshots of affected services. No malware families, exploit kits, or sophisticated intrusion tools have been documented in the publicly available reporting. Attribution to a state sponsor or a formal criminal consortium has not been established; the group presents itself as an ideologically motivated collective without clear ties to any government or organized crime network. The most notable publicly reported operations are the 2017 DDoS disruption of Danish ministries, the 2017 Austrian Parliament outage, the 2016 email‑flood against the Austrian National Bank, and the 2016 attempted disruption of Vienna International Airport, each accompanied by claims of responsibility linked to contemporaneous political events. This summarizes the facts that are directly supported by the provided sources.