Date: Dec 2015

Location: Russia

Summary

Turk Hack Team conducted a series of cyber attacks against Russian and Iranian entities, including the Russian Federation Ministry of Customs, motivated by geopolitical tensions following a military incident. The group defaced websites with anti-government messages, leaked personal data of citizens from compromised shopping platforms, and executed DDoS attacks that disrupted multiple government ministry sites. Iranian targets included presidential and foreign affairs portals. These operations involved website takedowns, data theft, and service interruptions, demonstrating a multi-phase campaign against infrastructure and public-facing assets.

Description

The Turk Hack Team (THT), a Turkish hacker group, initiated a series of cyber attacks against Russian and Iranian entities between December 2015 and January 2016, motivated by geopolitical tensions following Turkey's downing of a Russian fighter jet near the Syrian border. On December 25, 2015, THT defaced over 2,000 Russian and Iranian websites, replacing content with anti-Putin messages accusing the Russian president of treason and warning of consequences for the jet incident. Defaced pages displayed poorly translated English text threatening Putin's removal from power, while compromised Iranian sites received similar politically charged treatment. The following day (December 26), THT escalated operations under "OpRussia," publishing on Pastebin the personal data of hundreds of Russian citizens stolen from online shopping platforms. The dataset included names, cities, phone numbers, email addresses, and encrypted passwords, accompanied by threats to continue targeting Russian commercial entities.

On January 2, 2016, THT shifted tactics to large-scale DDoS attacks, successfully disrupting multiple high-profile government websites. Russian targets included the Ministry of the Russian Far East Development, Ministry of Construction, State Atomic Energy Corporation ROSATOM, and the Ministry of Customs, with attackers claiming complete takedowns of these sites. Iranian government portals suffered parallel disruptions, affecting the Ministry of Information, Ministry of Foreign Affairs, Ministry of Energy, and the Iranian President's official website. THT publicly documented these outages through screenshots and a dedicated justpaste.it link, while also promoting their activities via Twitter. The attacks caused operational disruptions to governmental digital services, exposed sensitive citizen data, and served as a platform for geopolitical messaging, though no official response or mitigation efforts from affected governments were detailed in available reports.
