Cyber Incident Victim: Central Bank of Russia
Date:
Nov 2015
Location:
Russia
Summary
A pro-Turkish hacktivist group known as Turk Hack Team executed a DDoS attack against the Russian Central Bank's website, causing temporary downtime as retaliation for geopolitical tensions following Turkey's downing of a Russian military jet near Syria. The attackers claimed the action was a warning against violating Turkish airspace and publicly asserted responsibility via social media, emphasizing their intent to defend national sovereignty without prolonging the disruption. The group, previously linked to cyber operations supporting Turkish political interests, restored access after delivering their message.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 24, 2015, the Turk Hack Team (THT), a Turkish hacktivist group, executed a distributed denial-of-service (DDoS) attack against the official website of the Central Bank of Russia. The attack rendered the bank’s website inaccessible for over ten minutes, disrupting public access to its online services. THT member Black-Spy publicly claimed responsibility for the incident via social media, posting a screenshot of the defaced website on Twitter and tagging cybersecurity news outlet HackRead. In subsequent communications with HackRead, Black-Spy explicitly stated the attack was a retaliatory measure against Russia following the downing of a Russian Su-24 fighter jet by Turkish F-16s near the Syria-Turkey border earlier that day. The hacker emphasized the action served as a warning against further violations of Turkish airspace, declaring, “Don’t ever try to violate our airspace again, we are Turks and we don’t back down.” THT ceased the attack after achieving temporary disruption, asserting the symbolic message had been delivered. Technical details regarding attack vectors, traffic volume, or defensive countermeasures deployed by the bank were not disclosed in available reporting.
The incident occurred amid heightened geopolitical tensions following Turkey’s shootdown of the Russian jet, which resulted in the deaths of both pilots. Turkish authorities claimed repeated warnings were issued to the aircraft prior to engagement, though conflicting narratives persisted regarding the jet’s location relative to Turkish airspace. THT, identified as a pro-Erdoğan collective, had previously gained notoriety in April 2015 for disabling the Vatican City’s website following Pope Francis’ characterization of Ottoman-era Armenian deaths as genocide. No data breach or financial system compromise was reported in connection with the Central Bank attack, which exclusively targeted public website availability. The bank’s technical team restored full functionality prior to November 25, when HackRead published its account of the incident. THT did not announce further attacks against Russian financial infrastructure, maintaining their focus on temporary disruption for political signaling rather than sustained cyber operations or financial gain.