Date: Jan 2016

Location: Russia

Summary

A Russian federal ministry responsible for construction and utilities was targeted in a series of cyber operations by the Turk Hack Team (THT), alongside other government entities and critical infrastructure. The attacks included website defacements displaying anti-government messages, mass data theft involving personal information of citizens from online platforms, and disruptive DDoS campaigns that temporarily disabled multiple official sites. These actions were part of a broader retaliatory effort following geopolitical tensions between Turkey and Russia, with the group explicitly citing political motivations against national leadership. The incidents collectively demonstrated website compromises, sensitive data exposure, and sustained disruption to public services.

CIA Posture | Motives | Tactics, Techniques & Procedures
Available to members | 4 motives | 3 techniques

Threat Actor | Type | Location
1 actor | Available to members | Available to members

Description

The Turk Hack Team (THT), a Turkish hacker group, initiated a series of cyber attacks against Russian and Iranian entities between December 2015 and January 2016. These attacks began on December 25, 2015, when THT defaced over 2,000 Russian and Iranian websites, including those affiliated with government and financial institutions. The defacements displayed anti-Putin messages accusing the Russian president of treachery and warning of consequences for his actions. One defaced Russian bank website also featured claims of stolen data, though specific evidence of data exfiltration was not detailed in available reports. The following day, December 26, THT escalated operations under "OpRussia" by leaking personal information of hundreds of Russian citizens on Pastebin. The compromised data included names, cities, phone numbers, email addresses, and encrypted passwords allegedly harvested from Russian online shopping platforms. The group explicitly threatened continued attacks against commercial websites and companies in their leak announcement.

On January 2, 2016, THT shifted tactics to large-scale DDoS attacks, targeting critical Russian government infrastructure. Among the primary victims was the Russian Federation Ministry of Construction, Housing and Utilities, alongside the Ministry of the Russian Far East Development, ROSATOM (State Atomic Energy Corporation), and the Ministry of Customs. Iranian government portals including the Presidential website, Ministries of Information, Foreign Affairs, and Energy were simultaneously disrupted. THT publicly claimed responsibility via Twitter and a justpaste.it link documenting attack timelines and downtime screenshots. The DDoS campaigns caused measurable service interruptions across affected sites, though duration and full technical impacts were not quantified in open-source reporting. No remediation efforts or responses from victim organizations were documented in available materials. The attacks represented a coordinated retaliation following geopolitical tensions, notably Turkey's downing of a Russian fighter jet near the Syrian border in November 2015.
