Cyber Incident Victim: Federal Customs Service

Date: Jan 2016

Location: Russia

Summary

A Turkish hacker group known as Turk Hack Team conducted a series of cyberattacks targeting Russian and Iranian entities, motivated by geopolitical tensions following the downing of a Russian military aircraft. The attacks included defacing government and banking websites with anti-Putin messages, leaking personal data of citizens from compromised online shopping platforms, and executing distributed denial-of-service (DDoS) operations that disrupted multiple critical government agencies. Among the affected Russian entities was the Federal Customs Service, alongside ministries responsible for energy, construction, and atomic energy, as well as Iranian presidential and foreign affairs portals. The group publicly claimed responsibility for these incidents, vowing to continue their campaign against organizations opposing Turkish policies.

Description

In late December 2015 and early January 2016, the Turk Hack Team (THT) executed a series of cyberattacks against Russian and Iranian government entities following geopolitical tensions between Turkey and Russia. The campaign began on December 25, 2015, with THT defacing over 2,000 Russian and Iranian websites, including by replacing content with anti-Putin messages that accused the Russian president of treachery and warned of future retaliation. The defacements coincided with THT hackers compromising the website of the Russian Embassy in Israel to display a Turkish flag and claiming unauthorized access to a Russian bank’s data. On December 26, THT escalated operations under "OpRussia," leaking personal data of hundreds of Russian citizens obtained from online shopping platforms. The leaked records included names, cities, phone numbers, email addresses, and encrypted passwords, and were accompanied by threats to continue targeting commercial entities.

The attacks intensified on January 2, 2016, as THT shifted focus to distributed denial-of-service (DDoS) assaults, temporarily disrupting critical Russian federal agencies. Confirmed targets included the Russian Federation Ministry of Customs, Ministry of the Russian Far East Development, Ministry of Construction, and the State Atomic Energy Corporation ROSATOM. Iranian government websites such as the Ministry of Foreign Affairs, Ministry of Energy, and the Iranian President’s official site were also impacted. THT publicly documented downtime evidence for Russian targets, though specific technical details of the DDoS methods or data exfiltration techniques were not disclosed. No remediation efforts or organizational responses from the affected entities were detailed in available reporting. The group reiterated its intent to persist with cyber operations against entities opposing Turkish political interests.
