Turkish government likely to be behind ongoing campaign of DNS hijacking incidents targeting rival countries, Western officials say
Western national security officials have accused the Turkish government of being behind an ongoing campaign of cyber-attacks targeting at least 30 organisations, according to a report.
The organisations attacked have included government ministries, embassies and security services, as well as private companies and other organisations, Reuters said.
The targets have reportedly included Cypriot and Greek government email services and the Iraqi government’s national security adviser, amongst others.
The incidents have been occurring since early 2018 and possibly before that, Reuters said.
They involve DNS hijacking techniques that give the attackers access to data passing back and forth to a web server.
The attacks have targeted cloud-based services that are not hosted on an organisation’s own internal network, making them more difficult to detect, Reuters said.
The attacks, which involved breaching domain registries, reportedly succeeded in collecting sensitive data such as login usernames and passwords.
Reuters cited two British security officials and one from the US as saying the incidents appeared to be backed by a nation-state and aimed at furthering Turkish interests.
The officials said their assessment was based on the relevance of the targets to Turkey, similarities to previous attacks that used infrastructure registered from Turkey, and classified intelligence.
Multiple waves of attacks appear to be linked because they use the same servers and other infrastructure, the officials said.
Turkey’s Interior Ministry declined to comment, while a senior official said Turkey was itself frequently targeted by cyber-attacks.
The Cypriot government said the attacks had been “immediately” contained, while Greek officials said there was no evidence the Greek government email system had been compromised.
The Iraqi government did not immediately respond to a request for comment.
Email services and cloud storage systems are amongst the services reportedly targeted.