Cyber Incident Victim: Solomon
Date:
Sep 2022
Location:
Greece
Summary
A Greek independent media outlet and its regional partner experienced a sustained DDoS attack following their joint investigation into a Turkish businessman's controversial acquisition of honorary Greek citizenship. The attack overwhelmed their websites with millions of malicious connections, specifically targeting the investigative content and temporarily rendering one partner's flagship site inaccessible while the Greek outlet remained offline for an extended period. This disruption mirrored previous attacks against another outlet that had reported on the same individual, whose fraudulent background and citizenship grant were central to the exposed scheme. Technical teams successfully mitigated the assault against the regional partner after intense efforts, though the Greek outlet's platform required prolonged recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 10, 2022, the Balkan Investigative Reporting Network (BIRN) and its Greek media partner Solomon experienced sustained distributed denial-of-service (DDoS) attacks targeting their websites. The attacks commenced at approximately 7:30 AM on Saturday, triggering immediate alarms within BIRN's technical teams. By 8:00 AM, IT security personnel initiated countermeasures against the escalating assault, which peaked with over 35 million distinct IP connections flooding BIRN's infrastructure from global sources. This unprecedented traffic volume completely overwhelmed BIRN's flagship Balkan Insight website, rendering it temporarily inaccessible despite no server compromise occurring. The attackers specifically targeted the webpage hosting a joint investigative report exposing Turkish businessman Yasam Ayavefe's acquisition of honorary Greek citizenship despite his 2017 fraud conviction in Turkey and 2019 arrest in Greece for using falsified documents. While BIRN successfully mitigated the attack by Sunday evening through technical countermeasures, Solomon's website remained incapacitated through Monday morning as their systems continued facing active assault. Both organizations confirmed the attacks constituted deliberate retaliation for their journalistic work examining how Greece's honorary citizenship program was allegedly exploited for financial gain.
The coordinated cyber assaults directly responded to BIRN and Solomon's investigation published days prior, which revealed Ayavefe's controversial citizenship grant through a scheme critics equated to a "golden visa" program. This marked the second such attack against media outlets covering Ayavefe, following a July 2022 DDoS incident against Greek outlet Inside Story after their initial exposé on the businessman. The DDoS methodology employed massive botnet-driven traffic intended to exhaust server resources and suppress public access to the investigative content. Solomon publicly attributed the attacks to their reporting via Twitter on September 10, characterizing the incident as a "massive DDoS attack" deliberately timed to coincide with the publication's visibility period. Technical analysis confirmed the attackers focused efforts on disabling the specific article detailing Ayavefe's criminal background and citizenship acquisition process rather than attempting broader network infiltration. The sustained attacks caused significant operational disruption, requiring intensive defensive measures by IT teams over approximately 36 hours to restore partial functionality. Solomon experienced prolonged downtime extending beyond BIRN's recovery timeline, indicating asymmetric impacts between the partnered organizations despite shared targeting of their collaborative journalistic output.