ATHENS – While there was concern over cyberattacks in January against the offices of Greece’s premier and other top ministries, as well as public security offices, an April 2019 breach also reportedly targeted the government.
The cyberattack, code named Sea Turtle, also went after the Ministry of Foreign Affairs, the National Intelligence Service (EYP) and the Hellenic Police (ELAS) said Kathimerini, citing unidentified sources who verified the breach without saying if critical information had been compromised by foreign spies seen behind the electronic assault.
The attack was caught by officials from the cyber security team of then-Prime Minister and Radical Left SYRIZA leader Alexis Tsipras, over an unusual email malfunction as the hackers got into the system.
They immediately notified the Incident Response Team of the Foundation for Research and Technology – Hellas (FORTHcert) and the police cybercrime unit, the paper said, with technical teams immediately dispatched, going to Iraklio on the island of Crete where FORTH’s Institute of Computer Science is located.
An official with knowledge of the events, who spoke to Kathimerini on the condition of anonymity, said the first suspicions turned to Crete where technicians believed the attack was launched against the .gr and .el domain names registry, whose technical support is provided by FORTH.
Their suspicions were confirmed by their investigation that revealed an ongoing DNS (Domain Name Service ) hijacking attack taking advantages of vulnerabilities in a system with no word on what kind of defenses Greece had in place.
A second official also not named told the paper that sophisticated attackers accessed the servers of the four crucial government agencies and services by sending a misleading message to get into the computer of a FORTH employee and the internet namespace.
They then managed to access the servers that handled the emails with extensions @primeminister.gr, @mfa.gr, @nis.gr and @astynomia.gr. There were worries the attackers read or copied messages exchanged by the officials of the four government agencies.
Greek diplomats and police officers who were asked about it told the paper, however, that no confidential information was being circulated through those emails without revealing what they were used for otherwise.
There was no claim of responsibility from the cyberattackers and the report said they tried to erase tracks they had invaded the system, leading officials to believe they were spies.
The January attack on Greece’s official ministries website, ranging from the Prime Minister and National Intelligence Service to public safety authorities may have been the work of Turkish hackers targeting governments and groups in Europe and the Middle East.
Three senior security officials who weren’t named told the news agency Reuters that the group – said to be tied to Turkey’s government – broke into the sites of at least 30 groups and government ministries, including Cyprus and Greece’s emails in 2018-19 but no evidence emerged they were behind the recent data blocking in Greece.
The attacks involve intercepting internet traffic to victim websites, potentially enabling hackers to obtain illicit access to the networks of government bodies and other organizations, the news agency said about the sweeping breadth of the hack attacks.
The security officials, two British and one American, said the activity bore the signature of a state-backed cyber espionage operation conducted to advance Turkish interests with Greece and Turkey near the boiling point over claims to the seas.It wasn’t said if that was Anka Neferler Tim (Phoenix’s Helmets) which said it hacked in as a response to Greek “threats” against Turkey which is drilling for oil and gas in Cypriot sovereign waters and signed a deal with Libya dividing the seas, planning to also hunt for energy off Crete.