Cyber Threat Actor: Turkish Ajan

The threat actor known asTurkish Ajan, also referred to simply as Ajan, is a hacker group that operates from Turkey. The group first came to public attention in February 2014 when it claimed responsibility for a breach of Mercantile Communications Pvt. Ltd., a major Nepali Internet service provider. According to the group's own statements, they leaked the internal database structure and more than one hundred employee records containing names and email addresses. They also asserted that they had accessed additional personal data such as phone numbers and physical addresses but chose not to publish it to protect individual privacy. The attackers described the intrusion as a means to announce their resurgence after a period of inactivity.

Turkish Ajan indicated that the Mercantile target was selected without a specific rationale, serving only as a demonstration of capability. The group declared its intention to shift future operations toward government entities in the United States, Israel, and China, citing political and religious motivations. They characterized the United States as a terrorist country opposed to Islam, and described China and Israel as responsible for killing Muslims, thereby justifying attacks on those nations' government sites. No financial gain or espionage motive was mentioned in the available reporting; the stated aim appears to be disruptive or symbolic in nature.

Public sources do not provide details about the malware families, tools, or initial access vectors employed by Turkish Ajan in the Mercantile incident, so specific tactics, techniques, and procedures remain undocumented. Likewise, no evidence links the group to a state sponsor or to a larger criminal consortium; the actor is presented solely as an independent Turkish hacker collective. The Mercantile breach stands as the sole publicly reported operation attributed to Turkish Ajan, and no further campaigns have been verified in open sources.