Cyber Incident Victim: Ministry of Energy of Iran

Date: Jan 2016

Location: Iran

Summary

A Turkish hacker group known as Turk Hack Team conducted distributed denial-of-service (DDoS) attacks and website defacements against Iranian government entities, including the Ministry of Energy, as part of a broader campaign targeting nations opposing Turkish policies. The attacks disrupted online services and displayed politically motivated messages criticizing foreign leadership, alongside claims of compromising over 2,000 websites. While Iranian ministries faced operational disruptions through DDoS attacks, the group separately leaked personal data of Russian citizens obtained from e-commerce platforms, though no similar data theft was explicitly confirmed for the Iranian targets. The incidents were framed as retaliation against perceived adversarial stances toward Turkey’s government.


Description

The Turk Hack Team (THT), a Turkish hacker group, initiated a series of cyber attacks against Iranian and Russian entities between December 2015 and January 2016. On December 25, 2015, THT defaced over 2,000 Russian and Iranian websites, including government platforms, displaying anti-Putin messages accusing the Russian president of treachery and warning of future consequences. The defacement campaign coincided with heightened geopolitical tensions following Turkey's downing of a Russian fighter jet near the Syrian border in November 2015. One day later, on December 26, THT escalated operations under "OpRussia" by leaking personal data of hundreds of Russian citizens on Pastebin. The stolen records included names, cities, phone numbers, email addresses, and encrypted passwords allegedly harvested from Russian online shopping platforms, accompanied by threats of continued attacks against commercial entities.

On January 2, 2016, THT shifted tactics to large-scale distributed denial-of-service (DDoS) attacks targeting critical infrastructure websites in both nations. Russian victims included the Ministry of the Russian Far East Development, Ministry of Construction, State Atomic Energy Corporation ROSATOM, and Ministry of Customs. Iranian government sites hit in this phase included the Ministry of Energy, Ministry of Information, Ministry of Foreign Affairs, and the official website of Iran's President. The attacks caused confirmed downtime across multiple high-profile domains, though specific technical details regarding attack duration or mitigation efforts were not disclosed. THT publicly claimed responsibility for these operations through social media channels, framing them as retaliation against perceived adversaries of Turkish national interests. No subsequent data breaches or system compromises beyond the initial DDoS disruptions and prior data leaks were documented in the available reporting.
