Cyber Incident Victim: Documento
Date:
Feb 2023
Location:
Greece
Summary
A Greek media outlet experienced a DDoS cyber-attack that disrupted its websites and caused server downtime following investigative reporting on connections between a convicted fraudster's wife and criminal networks. The incident mirrored prior attacks on other media organizations that published investigations into the same individual, whose honorary Greek citizenship was controversially granted despite prior fraud convictions. Attack methodology involved overwhelming the sites with connection requests, paralleling a previous assault generating 35 million IP connections against affiliated outlets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13, 2023, Greek media group Documento experienced a distributed denial-of-service (DDoS) cyber-attack targeting its websites Documentonews.gr and Koutipandoras.gr. The attack overwhelmed the servers, causing them to go offline and resulting in widespread user connectivity issues. This incident occurred one day after Documento published an investigative report detailing connections between Yasam Ayavefe’s wife and Greek criminal organizations involved in producing counterfeit identification documents. The report revealed that a criminal syndicate specializing in forged IDs for individuals from Albania and former Soviet states had issued Ayavefe’s wife a fraudulent Greek identity card in December 2021. Ayavefe, a Turkish national convicted of online gambling fraud in 2017 and arrested in Greece in 2019 for attempting to cross into Bulgaria with a fake Greek passport, had controversially received honorary Greek citizenship in 2022 despite these legal issues. The timing of the cyber-attack immediately following this publication raised concerns about potential retaliation targeting Documento’s investigative journalism.
This marked the fourth instance of media outlets facing cyber-attacks after reporting on Ayavefe. Similar DDoS incidents previously disrupted BIRN’s partner outlets Solomon and Inside Story in September 2022 following their coverage of Ayavefe’s activities. During those attacks, Solomon’s IT security team registered 35 million distinct IP connections from global sources within hours, overwhelming their infrastructure and forcing the site offline. Documento’s technical responders engaged in active mitigation efforts during the February attack, mirroring the intense defensive measures described by Solomon’s IT expert, who characterized the earlier event as requiring a "fierce battle" against unprecedented traffic volumes. Although no technical attribution specifics were confirmed for Documento’s attack, journalist Marios Aravantinos noted a recurring pattern of digital suppression targeting outlets investigating Ayavefe’s affairs, emphasizing institutional concern over these coordinated disruptions. The attacks collectively highlighted operational vulnerabilities for independent media organizations covering high-risk corruption stories in Greece.