Kremlin-linked hackers behind attacks targeting Turkish gov’t

Researchers from Trend Micro, a security software company, claimed Pawn Storm, a hacking group believed to have links with the Russian government, were behind a string of attacks targeting websites belonging to the Turkish government and a newspaper.

In a blog post, researchers said Pawn Storm, which launched attacks on a list of targets known for their anti-Russian stance, targeted the Prime Ministry, Parliament, the Prime Ministry’s Directorate General of Press and Information, as well as Hürriyet newspaper, during January and February. Researchers said Trend Micro had warned the government at an early stage to mitigate the impact of the attacks. Researchers added that the cyberattack group created a series of fake email servers to gain access to computer networks of the agencies mentioned above. They also said Pawn Storm used a network infrastructure based in the Netherlands.

Trend Micro describes Pawn Storm as an active economic and political cyberespionage operation that targets a wide range of high-profile entities, from government institutions to media personalities, and estimates the date the hacking group became active as 2004. The group has previously compromised websites of the Polish government, military and defense institutions in the United States, as well as Ukrainian activists and others perceived as opposing the policies of the Russian government.

Turkey’s ties with Russia were strained after November, when a Russian fighter jet that violated Turkish air space was shot down by the Turkish Armed Forces.

Turkey last year fell victim to some of the most intense cyberattacks in recent history, which led to collapse of online systems and forced major banks to temporarily shut down their websites. Though it was not clear who was behind the string of attacks, experts indicated the attacks originated from abroad, while media reports suggested that a flood of traffic to Turkish Internet servers handling more than 300,000 websites could be coming from Russia. The disruptive traffic, known as Distributed Denial of Service (DDoS) attacks – in which thousands of computers targeted at specific Internet targets – resulted in web speeds plummeting at some sites, according to, a nongovernmental body administering addresses for websites using Turkey’s “.tr” country code top-level domain.