Cyber Incident Victim: Isbank
Date:
Dec 2015
Location:
Turkey
Summary
A cyberattack attributed to the hacktivist group Anonymous targeted Turkish government entities and financial institutions, including Isbank, through distributed denial-of-service (DDoS) attacks that disrupted online services and financial transactions. The attackers claimed motivation was Turkey's alleged support for ISIS, threatening further strikes on critical infrastructure like airports and banking systems if ties persisted. Reports indicated approximately 50,000 compromised local computers contributed to the attacks, which paralyzed websites and hindered operations. This incident followed a pattern of prior Anonymous cyber offensives against the country during periods of political tension.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late December 2015, Turkey experienced a sustained cyberattack campaign targeting government and financial sector websites, including major banks such as Isbank, Garanti, and Ziraat Bank. The hacktivist group Anonymous claimed responsibility for the attacks, which primarily utilized distributed denial-of-service (DDoS) techniques to overwhelm target servers with traffic. The two-week offensive intensified during the Christmas period, crippling online transactions and causing significant disruptions to banking operations and government services. Anonymous released a video explicitly stating their motivation as retaliation against Turkey's alleged support of the Islamic State (ISIS), threatening to escalate attacks against critical infrastructure if the government continued this alleged support. The group warned of impending strikes against root DNS systems, airports, military assets, and private state communications, specifically vowing to "destroy critical banking infrastructure." YouTube subsequently removed the video containing these threats. Security experts estimated approximately 50,000 compromised computers within Turkey contributed to the DDoS attacks, though the article did not specify whether these were willingly participating systems or infected devices in a botnet.
The attacks paralyzed online services across multiple financial institutions and government agencies, though the article provided no specific details about Isbank's operational recovery timeline or financial losses. Anonymous had previously targeted Turkish infrastructure during 2013 anti-government protests, indicating a pattern of hacktivist operations during periods of political tension. No Turkish government response or mitigation efforts were detailed in the source material, nor were any technical countermeasures implemented by the affected banks described. The incident highlighted vulnerabilities in Turkey's online financial infrastructure to large-scale DDoS operations, particularly through the exploitation of locally compromised systems. While the attacks disrupted banking transactions and government services during the peak holiday period, the article contained no information about data breaches, financial theft, or long-term system compromises resulting from the incident.