Cyber Incident Victim: Hellenic Ministry of Foreign Affairs
Date:
Jan 2020
Location:
Greece
Summary
A cyber-attack targeting Greek government entities, including the Ministry of Foreign Affairs, Parliament, Finance, and National Intelligence Services, disrupted operations through denial-of-service (DoS) attacks, forcing several websites offline. Turkish hacker group Anka Neferler claimed responsibility, citing retaliation over geopolitical disputes related to Eastern Mediterranean gas agreements. The Foreign Affairs outage hindered consular and embassy communications internationally, prompting operational challenges. While no data theft occurred, Greek authorities mitigated damage by disconnecting overwhelmed servers. In response, hackers affiliated with Anonymous Greece launched retaliatory attacks against Turkish websites, impacting email services, government VoIP systems, and emergency call infrastructure. Investigations into the incident remain ongoing without conclusive attribution from server evidence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 17, 2020, multiple Greek government websites and critical services experienced disruptive cyber-attacks, leading to widespread outages. The affected entities included the Greek Parliament, Ministry of Foreign Affairs, Ministry of Finance, National Intelligence Services (EYP), Athens Stock Market, and several private businesses. A Turkish hacker group named Anka Neferler claimed responsibility for the attacks, citing retaliation against Greece’s refusal to recognize a November 2019 bilateral agreement between Turkey and Libya concerning economic zone demarcation in the Eastern Mediterranean gas region. The attackers employed Denial of Service (DoS) techniques, flooding target networks with traffic to overwhelm servers and disrupt operations. Greek authorities detected the anomalous traffic surge and proactively disconnected affected servers to limit damage, though the Parliament’s website remained offline due to the attack’s intensity. Initial assessments confirmed no data exfiltration or theft occurred during the incident.
The cyber-attacks caused immediate operational disruptions, particularly at the Ministry of Foreign Affairs, where website and service outages impaired communication channels between Greek consulates, embassies, and central government systems. Analysts projected these disruptions would create logistical challenges for diplomatic operations in subsequent weeks. In response, a hacktivist group identifying as Anonymous Greece launched retaliatory cyber-attacks against Turkish targets, compromising email services, government VoIP systems, and the country’s ‘112’ emergency call infrastructure. Greek government sources emphasized the DoS nature of the original attacks and confirmed ongoing investigations to attribute the incident definitively. Despite Anka Neferler’s public claim, forensic analysis of compromised servers yielded no direct evidence identifying the perpetrators. The incident underscored the geopolitical tensions influencing cyber operations in the region, with both nations experiencing reciprocal disruptions to critical digital services.