The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses. The Anomali Labs research team has published a report providing an overview of the crisis, the key players involved, and analysis of potential cybersecurity reactions.
The political tension between the US and Turkey relates an American pastor, Andrew Brunson, who has lived in Turkey for over twenty years. Brunson was arrested in 2016 as part of a broad crackdown on dissidents believed to have taken part in a failed military coup. He was accused of “Political or military espionage, attempting to overthrow the government, attempting to overthrow the Turkish Grand National Assembly, and attempting to overthrow constitutional order."
President Donald Trump has personally intervened to secure the release of Brunson, tweeting on April 17: “Pastor Andrew Brunson, a fine gentleman and Christian leader in the United States, is on trial and being persecuted in Turkey for no reason. They call him a Spy, but I am more a Spy than he is. Hopefully, he will be allowed to come home to his beautiful family where he belongs!” and on July 18: “A total disgrace that Turkey will not release a respected US Pastor, Andrew Brunson, from prison. He has been held hostage far too long. @RT_Erdogan should do something to free this wonderful Christian husband & father. He has done nothing wrong, and his family needs him!”
Relations between Turkey and the United States have been strained for some time because of ongoing concerns over Turkey’s desire to purchase Russia’s S-400 air defense system. This has led to the United States potentially withdrawing the supply of F-35 stealth fighters, despite heavy investment from Turkey. The escalation of tensions and the fall in the Turkish Lira have led to a drive-by shooting in Ankara where two men have been arrested for firing at the US Embassy. Additionally, we have observed an increase in offensive cyber activity from patriotic hacktivist groups in Turkey that we believe are in direct response to some of the geopolitical events mentioned above.
There are two active Turkish patriotic hacktivist groups, Aslan Neferler Tim and the Turk Hack Team. Historically, Aslan Neferler Tim has been known to respond offensively to political issues adversely impacting Turkey. Since the announcements of sanctions and increased tariffs on the Turkish economy, Aslan Neferler Tim has claimed attacks against the US Federal bank and President Trump’s holiday and hotel websites. They have also claimed a targeted attack against the site of an American bank. There has also been an increase in website defacements since July 31st (after a period of inactivity since March). The group claimed a distributed denial of service (DDoS) attack on the United States Library of Congress in July 2016 motivated by the perception that the United States had played a role in the attempted coup in Turkey of the same year.
Download the full report from Anomali Labs including a timeline of incidents and conclusions and recommendations.