Cyber Incident Victim: Ministry of Information of Iran
Date: Jan 2016
Location: Iran
Summary
Turk Hack Team, a Turkish hacker group, conducted distributed denial-of-service (DDoS) attacks and website defacements against Iranian government websites, including the Ministry of Information, Foreign Affairs, Energy, and the President's official site, as part of politically motivated operations. The attacks disrupted services and displayed anti-government messages, aligning with the group's broader campaign targeting entities opposing Turkish policies or leadership. The incidents occurred alongside similar cyber operations against Russian infrastructure, reflecting coordinated retaliation following geopolitical tensions.
Description
The Turk Hack Team (THT), a Turkish hacker group, initiated a series of cyber attacks against Iranian and Russian government websites between December 2015 and January 2016. On December 25, 2015, THT defaced over 2,000 Russian and Iranian websites, replacing content with anti-Putin messages accusing the Russian president of planning civilian deaths and betraying nationalist values. The defacements included Iranian government domains, though specific Iranian site examples beyond the Ministry of Information weren't detailed in available records. This phase established THT's political motivation tied to tensions following Turkey's downing of a Russian jet near Syria in November 2015.

The campaign escalated on December 26 with "Operation OpRussia," where THT leaked personal data of hundreds of Russian citizens from online shopping platforms, exposing names, cities, phone numbers, emails, and encrypted passwords via Pastebin. While this breach focused on Russian civilians, THT explicitly threatened continued attacks against commercial entities. By January 2, 2016, the group shifted tactics to large-scale DDoS attacks, successfully disrupting multiple high-profile government sites. Iranian targets included the Ministry of Information, Ministry of Foreign Affairs, Ministry of Energy, and the Iranian President’s official website. Russian victims spanned agencies like the Ministry of Far East Development, Ministry of Construction, ROSATOM, and Customs Ministry. THT publicly claimed responsibility via Twitter and a justpaste.it link documenting downtime evidence, though no mitigation efforts or technical responses from affected Iranian entities were disclosed in available reporting. The coordinated attacks highlighted THT's capability to disrupt critical government infrastructure across geopolitical adversaries during this period.
