Cyber Incident Victim: State Atomic Energy Corporation ROSATOM
Date: Jan 2016
Location: Russia
Summary
Turk Hack Team, a Turkish hacker group, conducted a series of cyber attacks against Russian and Iranian entities in retaliation for geopolitical tensions, including the downing of a Russian jet by Turkish forces. The attacks involved defacing websites with anti-Putin messages, leaking personal data of Russian citizens from online shopping platforms, and executing DDoS campaigns that disrupted government sites, including the State Atomic Energy Corporation ROSATOM, Iranian presidential platforms, and multiple ministries. The group claimed responsibility for breaching thousands of sites, exfiltrating sensitive information, and causing operational downtime, framing their actions as nationalist retaliation against perceived adversaries.
Description
The Turk Hack Team (THT), a Turkish hacker group, escalated cyber operations against Russian entities following geopolitical tensions after Turkey downed a Russian Su-24 fighter jet near the Syrian border on November 24, 2015. On December 25, 2015, THT defaced over 2,000 Russian and Iranian websites, replacing content with anti-Putin messages accusing him of treachery and endangering citizens. The defacements included political rhetoric warning of consequences for Russia's leadership. The following day (December 26), THT launched "OpRussia," leaking on Pastebin the personal data of hundreds of Russian citizens from online shopping platforms. The leaked records contained names, cities, phone numbers, emails, and encrypted passwords. The group explicitly threatened continued attacks against Russian commercial and governmental targets.

On January 2, 2016, THT shifted tactics to large-scale DDoS attacks, successfully disrupting multiple high-profile Russian government websites. The State Atomic Energy Corporation ROSATOM was among the confirmed targets, along with the Ministry of the Russian Far East Development, Ministry of Construction, and Ministry of Customs. Iranian government sites, including the Presidential Office and the Ministries of Information, Foreign Affairs, and Energy, were attacked simultaneously. THT publicly claimed responsibility via social media and a justpaste.it document containing target lists and downtime screenshots. The attacks caused measurable service disruptions to ROSATOM's online presence, though no data breach or physical infrastructure compromise was asserted. This campaign represented a coordinated retaliation effort exploiting geopolitical friction, leveraging both data leaks and denial-of-service tactics to maximize visibility and operational impact against strategic entities.
