Cyber Incident Victim: Garanti BBVA
Date:
Dec 2015
Location:
Turkey
Summary
A cyberattack attributed to Anonymous targeted Turkish government entities and financial institutions, including Garanti BBVA, through distributed denial-of-service (DDoS) attacks that disrupted online services and financial transactions. The hacktivist group claimed responsibility, citing Turkey's alleged ties to ISIS as motivation, and threatened further attacks on critical infrastructure like airports and military systems if support continued. Reports indicated approximately 50,000 compromised computers within the country were unwittingly leveraged in the attacks, which overwhelmed servers and paralyzed targeted websites. This incident followed prior Anonymous cyber offensives against Turkey during periods of political unrest.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late December 2015, Turkey experienced a sustained cyber campaign attributed to the hacktivist collective Anonymous, targeting government entities and financial institutions including Garanti BBVA. The attacks began approximately two weeks before Christmas 2015 and escalated in intensity during the holiday period, employing distributed denial-of-service (DDoS) techniques to overwhelm online systems. Anonymous publicly claimed responsibility through a video statement, explicitly citing Turkey's alleged support for the Islamic State (ISIS) as motivation for the attacks. The group threatened to continue targeting Turkey's internet infrastructure, specifically mentioning root DNS systems, banking networks, government websites, and critical infrastructure including airports and military assets. Financial sector impacts were significant, with Garanti BBVA, İşbank, and Ziraat Bank confirmed as primary targets experiencing service disruptions that paralyzed online transactions. Security analysts estimated approximately 50,000 compromised Turkish computers were unwittingly participating in these attacks, amplifying the DDoS traffic flooding targeted servers.
The operational consequences manifested as widespread unavailability of banking and government websites during peak attack periods, severely limiting public access to digital services. Anonymous reinforced their threats in the now-removed YouTube video, warning of escalated attacks against financial infrastructure unless Turkey ceased alleged ISIS support. YouTube subsequently took down the group's manifesto video, constituting one documented response action. Historical context indicates this formed part of Anonymous' recurring operations against Turkey, following similar cyber offensives during 2013 anti-government protests. No specific remediation measures taken by Garanti BBVA or other affected banks were detailed in available reporting, though the sustained two-week attack duration suggests persistent infrastructure targeting. The incident highlighted vulnerabilities in Turkey's financial sector networks to coordinated DDoS campaigns leveraging compromised domestic systems.