Cyber Threat Actor: Anka Neferler
| Actor Type | Location | Known Incidents |
Activist
|
Turkey
|
8 incidents |
|---|
Profile
The actor referenced in the source material claims to be a Turkish group that has taken responsibility for a series of denial‑of‑service attacks against Greek government online services. No further aliases or alternative names are provided in the open source material, and no definitive attribution to a state sponsor, criminal syndicate, or other threat‑actor collective has been publicly established. The group’s self‑identification as Turkish is the only attribution detail that appears in the reporting, and the investigators noted that no identifiable artifacts were left on the compromised servers to confirm this claim.
The actor’s observed targeting focuses on Greek governmental infrastructure, specifically targeting official websites, government‑run Voice over IP systems, the national emergency telephone number (112), and the foreign affairs ministry’s online presence. The described impact includes the temporary unavailability of the Greek parliament’s website, disruption of VoIP services, and interference with the 112 emergency line, which officials warned could hinder consular and embassy communications. The stated effect of the attacks is disruption of normal internet operations, with explicit mention that no data exfiltration or theft was observed during the incidents.
The tactics, techniques, and procedures described in the source are limited to denial‑of‑service tactics, specifically the flooding of network traffic that prompted Greek authorities to disconnect affected servers to mitigate further damage. No malware families, exploit kits, phishing vectors, or other intrusion methods are mentioned in the reporting, and no details are provided about command‑and‑control infrastructure, payload delivery, or post‑exploitation activities. Consequently, any inference about the actor’s technical sophistication, resource level, or motivation beyond the observed disruptive effect would constitute speculation and is therefore omitted.
The most notable publicly reported operation attributed to this actor is the coordinated denial‑of‑service campaign against Greek government services that resulted in the parliamentary website going offline, impaired VoIP and emergency services, and caused anticipated operational difficulties for Greek consulates and embassies abroad. The incident prompted an ongoing investigation by Greek authorities, but as of the source’s publication no further technical details or subsequent campaigns have been disclosed. This summarizes the factual information available from the provided source regarding the actor’s behavior, targeting, and observed impact.
