Pawn Storm targets Turkish government, says Trend Micro

News by Max Metzger

Trend Micro has identified what it believes to be the APT group Pawn Storm's fingerprints all over recent attacks on Turkish government departments.

The APT espionage group known as Pawn Storm has set its sights on Turkey, according to Trend Micro. Among its targets, the APT group has launched attacks on the office of Ahmet Davutoglu, the Turkish prime minister, the Turkish parliament and the the popular daily paper, Hürriyet.

The group apparently used a VPS based in Holland to launch its campaign. Trend notes that the group has used this particular VPS provider before, as have other famous hacker groups like DustySky and Carbanak.

The prolific APT group, also known as Sofacy, Fancy Bear or APT 28, are named after the chess strategy wherein pawns are rapidly deployed against the opponent. 

The group's fingerprints have been seen in the electronic crime scenes of plenty of high level attacks. Late last year, the group attacked NATO and the White House while pretending to be the privacy advocacy group the Electronic Frontier Foundation. 

The group has also targeted Blackwater, the private military company, the sovereign state of Georgia and the french TV channel TV5Monde. Pawn Storm were even purportedly behind a six-month attack against the German parliament in 2014.

False flag tactics seem to be a favourite for this group, perhaps because Pawn Storm is widely believed to be a proxy of the Russian state, attacking the enemies of Putin such as the embattled Syrian opposition.

And Pawn Storm's most recent attacks against Turkey seem to only strengthen that assertion.

Russia's relations with Turkey quickly chilled after Turkish armed forces shot down a Russian jet for apparently violating sovereign airspace, sparking a series of public escalations between each side. Russia quickly accused Turkey of materially aiding the Islamic State and broke contact with the Turkish military.

Perhaps the Kremlin is still sore from the international fiasco of November 2015. That said, attribution can be tough to figure out with any certainty. Even if Pawn Storm does come from Russia and is pursuing the geopolitical objectives of the state, it doesn't mean that its members are part of or associated with the state itself. spoke to Ewan Lawson, an expert in cyber-warfare at the Royal United Services Institute, who said, “The interesting question remains as to the extent that this is being directed or organised by the Russian state and in particular those close to the leadership.”

Estonia was subjected to an onslaught of cyber-attacks after a debacle concerning the moving of an old Soviet Statue from the country's capital in 2007. While most suspected the Russian state to be holding the puppet strings in the case (and many still do), a Kremlin backed youth group eventually admitted responsibility, adding that the Russian government was not involved. 


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews