Cyber Incident Victim: Belgrad
Date:
Sep 2022
Location:
Greece
Summary
A media network and its partner outlet experienced distributed denial-of-service attacks following an investigation into a Turkish businessman's fraudulent acquisition of honorary Greek citizenship. The attacks overwhelmed servers with millions of IP connections, temporarily rendering the primary website inaccessible while the partner's platform remained offline for an extended period. The coordinated assaults targeted content exposing how citizenship privileges were allegedly exploited for financial gain, mirroring previous cyber disruptions against another outlet that reported on the same individual's criminal background and controversial honors. Technical defenses eventually mitigated the primary attack after sustained efforts to repel the traffic flood.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 10, 2022, the Balkan Investigative Reporting Network (BIRN) and its Greek media partner Solomon experienced sustained distributed denial-of-service (DDoS) attacks targeting their websites. The attacks commenced at 7:30 AM on Saturday, triggering immediate alarms within BIRN’s technical team, which began mitigation efforts within 30 minutes. An IT security expert described the incident as unprecedented in intensity, noting that at its peak, the attack generated approximately 35 million distinct IP connections originating globally, overwhelming server capacity. This volume of malicious traffic caused BIRN’s flagship Balkan Insight website to become completely inaccessible during critical phases of the assault. Technical analysis confirmed the attackers specifically targeted the webpage hosting a joint investigative report into Turkish businessman Yasam Ayavefe, who had controversially obtained honorary Greek citizenship despite a 2017 fraud conviction in Turkey. While BIRN successfully repelled the attack by Sunday evening, Solomon’s website remained incapacitated into Monday morning, with the outlet confirming via Twitter that a "massive DDoS attack" continued to disrupt its operations. A DDoS attack functions by flooding target infrastructure with artificial traffic to disrupt legitimate access, a method frequently employed to suppress specific online content.
The cyber attacks directly followed BIRN and Solomon’s publication of an investigation exposing how Ayavefe, arrested in Greece in 2019 for attempting to cross into Bulgaria using a forged Greek passport, subsequently acquired honorary citizenship through a financial scheme rather than cultural merit. The report revealed that Greece’s honorary citizenship mechanism, traditionally reserved for promoting national culture, had been exploited as a "golden visa" pathway for wealthy individuals. Solomon’s Twitter statement emphasized this shift in policy implementation. This was the second such incident targeting media outlets covering Ayavefe; Greek investigative outlet Inside Story had previously suffered a DDoS attack in July 2022 after publishing its initial exposé on the businessman’s citizenship, which ignited public controversy regarding his eligibility. BIRN’s technical infrastructure withstood compromise during the attack, though service availability suffered significant degradation. Solomon faced prolonged disruption, indicating variable resilience between the two organizations’ defenses. No data breaches or secondary attack vectors were reported, with impacts confined to temporary takedowns of public-facing web services hosting the controversial journalistic content.