Date: Jan 2016

Location: Russia

Summary

Turk Hack Team conducted a series of cyber attacks against Russian and Iranian entities, including the Ministry of the Russian Far East Development, motivated by geopolitical tensions following military incidents. The group defaced websites with anti-Putin messages, leaked personal data of Russian citizens from online shopping platforms, and executed DDoS attacks that disrupted multiple government ministry websites in both countries. Iranian targets included presidential and foreign affairs sites. The attacks aimed to protest national policies and demonstrate retaliation, with the hackers publicly claiming responsibility and threatening continued operations against perceived adversaries.


Description

The Turk Hack Team (THT), a Turkish hacker group, initiated a series of cyberattacks against Russian and Iranian entities between December 2015 and January 2016, motivated by geopolitical tensions following Turkey’s downing of a Russian fighter jet near the Syrian border in November 2015. On December 25, 2015, THT defaced over 2,000 Russian and Iranian websites, replacing content with anti-Putin messages accusing the Russian president of treachery and warning of future consequences. One defacement message stated, "Putin, knowingly and willfully planned airplane attack and the citizen on death. This has caused you to be you’re a traitor... the Russian people will cut you out of that seat." Specific Russian targets included the Russian Embassy in Israel’s website, which displayed a Turkish flag, and a Russian bank’s site, where THT claimed to have stolen data.


The attacks escalated on December 26, 2015, under "Operation OpRussia," with THT leaking personal data of hundreds of Russian citizens on Pastebin. The dataset included names, cities, phone numbers, email addresses, and encrypted passwords allegedly harvested from Russian online shopping platforms. THT warned, "The attacks will continue. These data were obtained from different Russian sites. Especially the shopping sites and companies."

On January 2, 2016, THT shifted tactics to distributed denial-of-service (DDoS) attacks, targeting critical Russian government infrastructure. The Ministry of the Russian Far East Development, the Ministry of Construction, ROSATOM (State Atomic Energy Corporation), and the Ministry of Customs were among the Russian entities whose websites experienced downtime. Iranian government sites, including the Ministries of Information, Foreign Affairs, Energy, and the President’s official portal, were also disrupted. THT publicly documented the DDoS campaign via social media and a justpaste.it link, though specific technical details of the attacks or mitigation efforts were not disclosed in available sources. The incidents collectively demonstrated sustained disruption of government operations, reputational damage through defacements, and exposure of citizen data.
