Cyber Incident Victim: Türk Telekom
Date:
Oct 2019
Location:
Turkey
Summary
A cyberattack targeting Türk Telekom, Turkey's largest service provider, caused nationwide internet disruptions affecting multiple institutions, including a major bank that experienced distributed denial-of-service (DDoS) impacts on digital services. The company's cybersecurity team intervened promptly to halt the attacks and restore normal traffic, while other providers implemented protective measures. The incident involved relatively small-scale DDoS traffic originating from abroad, with reported sources including several foreign countries. The attacked bank confirmed no compromise to customer data security despite temporary access issues, particularly for international users. Service providers emphasized their preparedness against such attacks, noting the incident's resolution through existing defense systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 27, 2019, Türk Telekom, Turkey’s largest telecommunications service provider, experienced cyberattacks that disrupted internet traffic nationwide. The attacks also affected Garanti BBVA, a major Turkish bank, and multiple other institutions, causing widespread access problems to digital services. Türk Telekom Deputy Technology Director Yusuf Kıraç confirmed the cyberattacks in a statement on October 28, noting they impacted "some institutions" and were comparable to threats faced by large nations globally. The company’s cybersecurity team intervened promptly, neutralizing the attacks through unspecified defensive measures and restoring normal inbound and outbound internet traffic. Kıraç emphasized Türk Telekom’s preparedness for such incidents, citing its robust defense systems and status as Turkey’s largest cybersecurity department. Concurrently, Garanti BBVA reported intense traffic overwhelming its digital platforms, leading to access disruptions, particularly for users abroad. The bank attributed the incident to a distributed denial-of-service (DDoS) attack but assured customers that no data privacy or financial security risks occurred. Both organizations resolved most service issues within a day, though Garanti BBVA continued working to fully restore international access to its digital services.
Cybersecurity experts cited in media reports characterized the attack as a DDoS incident generating approximately 100 gigabytes per second of traffic—considered relatively small in scale. Analysis indicated the attacks originated from foreign sources, with the Sabah newspaper identifying the United States, Canada, Russia, and China as primary locations. This incident followed a pattern of cyber threats against Turkish infrastructure, including a March 2018 malware campaign by a North Korean hacker group targeting Turkey’s financial sector. Historical precedents also included Anonymous-led attacks in 2011–2012 against Turkish internet infrastructure and a 2015 DDoS campaign that disrupted over 400,000 .tr-domain websites for two weeks. Türk Telekom’s response highlighted proactive containment, while Garanti BBVA maintained transactional security despite service interruptions. No additional threat actors, specific vulnerabilities, or long-term operational consequences beyond the immediate disruptions were detailed in available reports.