Cyber Incident Victim: Hellenic Ministry of Finance
Date:
Jan 2020
Location:
Greece
Summary
A cyber-attack disrupted several Greek government websites and businesses, including the Ministry of Finance, Parliament, Foreign Affairs, National Intelligence Services, and the Athens Stock Market. The Turkish hacker group Anka Neferler claimed responsibility, citing retaliation for non-recognition of a Turkey-Libya economic agreement. The attackers employed Denial of Service (DoS) techniques, overwhelming servers and forcing authorities to disconnect systems to prevent further damage, resulting in significant operational outages. While no data theft occurred, the Foreign Affairs disruption hindered consular communications internationally. In response, the group Anonymous Greece targeted Turkish websites, impacting email services, government VoIP systems, and emergency call infrastructure. Investigations continue without definitive attribution from server evidence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 17, 2020, multiple Greek government websites and business entities experienced disruptive cyber-attacks that forced several critical online services offline. Affected systems included the Greek Parliament, Ministry of Foreign Affairs, Ministry of Finance, National Intelligence Services (EYP), Athens Stock Market, and several unspecified Greek businesses. The attacks were claimed by the Turkish hacker group Anka Neferler, which cited retaliation against Greece’s refusal to recognize a November 2019 bilateral agreement between Turkey and Libya establishing an economic zone in the Eastern Mediterranean—a region with ongoing disputes over natural gas resources. Greek authorities identified the attacks as Denial of Service (DoS) incidents, characterized by overwhelming network traffic floods targeting servers. Government cybersecurity teams detected the anomalous traffic patterns and proactively disconnected affected servers to limit operational damage, though the Greek Parliament’s website remained offline due to the attack’s intensity. No evidence of data exfiltration or system infiltration was reported.
The incident disrupted diplomatic communications, with the Ministry of Foreign Affairs’ outage projected to impair consulates’ and embassies’ external communications for weeks. In response, the hacktivist group Anonymous Greece launched retaliatory cyber-attacks against Turkish targets, compromising email services, government VoIP systems, and Turkey’s ‘112’ emergency call number infrastructure. Greek authorities initiated an investigation but found no forensic evidence on compromised servers to conclusively verify Anka Neferler’s involvement despite their public claim. Media outlets in both countries extensively covered the attacks, highlighting regional tensions intertwined with the cyber-operations. Business disruptions were noted but not detailed in scope or duration. Restoration efforts and incident analysis remained ongoing at the time of reporting.