Turkey was concerned that offensive Russian cyber operations in Syria were targeting Turkish entities and interests and sounded alarm bells that infiltration and hacking attempts might be launched, a classified internal memo from 2016 has shown.
According to the memo, a copy of which was obtained by Nordic Monitor, the Russian cyber operations were pursued through a group known as Advanced Persistent Threat 28 (APT28), which was set up in 2007 under the Russian Main Intelligence Directorate (GRU). APT28 was also alleged to have been a branch of the Federal Security Service (FSB), but no mention of that was made in the memo.
It warned that Russia had used its cyber capabilities in earlier conflicts such as Georgia, Ukraine and South Ossetia and would also want to exploit the cyber domain in Syria to achieve geopolitical objectives.
APT28 not only conducts cyber espionage and steals data but also attempts to influence the flow of information about the conflict, the note underlined, adding that Russian hacker groups other than APT28 had already carried out a series of attacks against Turkish government entities, private industry, aid groups and human rights organizations.
The internal memo:Memo_Cyber_offense_Russia
According to the assessment, Russia would first gain a foothold in the target networks, followed by other actions such as using malware to erase, modify or damage data to propagate disinformation and misinformation from official accounts and exploiting vulnerabilities gleaned from contact books and mailing lists of nongovernmental organizations (NGOs) to gather more highly sensitive intelligence.
The assessment was made by the General Staff’s Combat Electronic Information Systems (MEBS) unit and was based on available intelligence including from the NATO sources. it was believed that Russia had in fact targeted Turkey in particular since Turkey had shot down a Russian jet that was in violation of Turkish airspace in November 2015. The Turkish military concluded that Russia was already behind in a series of recent attacks on Internet infrastructure, the finance industry and the health sector in Turkey.
An attempt to take down the Turkish General Staff’s website on November 26, 2015 was also blamed on Russia. No data loss or service interruption was recorded during the attack, the memo noted.
According to Turkish military assessment, the intranet system (TSK-İç NET) is safe from hacking attempts as it is not connected to the Internet. However, the Turkish military Internet system (TSK-Dış NET), which registers secret communications, may be open to Russian cyber attacks, the note warned, saying that necessary precautions were being taken on a 24-hour basis to prevent any infiltration.
The memo was submitted to the General Staff on May 27, 2016 by Col. Can Sert, the director of the Cyber Event Center (Siber Olay Merkezi).