Turkish Hackers Go Phishing Using High-Profile Twitter Accounts

Turkish nationalist hackers have been conducting a campaign of hijacking high-profile verified Twitter accounts and posting pro-Turkey and pro-Pakistan propaganda, McAfee Advanced Threat Research warned Tuesday.

It’s far from the first time Ayyildiz Tim, founded in 2002, has wreaked havoc online. In 2013, the hacking group defaced the website of the United Nations team in Ethiopia with al-Qaeda imagery. The group is known for mingling jihadist and secular Turkish content in the material they leave on hacked pages.

“Whoever has bad ideas about our religion and our country including internet websites we will fight with them, All Turkish origins from all over the world we are together, we don’t afraid anyone we will give answers, whoever let cruelty, and countries who make cruelty others wait our visit, Turks has no patience anymore,” the hackers wrote on the UN page in English.

Among other websites hacked in that sweeping attack was Kenya’s Ministry of Transport. “All the muslims are together,” Ayyildiz Tim wrote on that page. “The CYBER-WAR will be appeared all the Countries which not respecting Islam. Ayyildiz promises that they will visit your areas too…”

The most recent wave of cyber attacks from Ayyildiz Tim has targeted journalists and envoys, including India’s Ambassador to the UN Syed Akbaruddin, World Economic Forum President Børge Brende, Voice of America contributor Greta Van Susteren, former Fox News personality Eric Bolling and others.

“Once the accounts were compromised, the attackers direct-messaged the account contacts with propaganda for their cause or with a link to convince them to click on a phishing site that would harvest the Twitter credentials of the victim,” wrote McAfee analysts 

Source code of the page that resembled a Twitter log-in screen revealed “several Turkish-language segments.”

Hackers also changed the Twitter wallpaper of targets to one of their Turkish nationalist calling cards.

The McAfee analysts recommended “journalists in particular, as well as others in high-profile positions” follow “appropriate safeguards to protect their accounts.”

“We are aware that one of the tactics from this group is to use Direct Messaging to communicate with other prominent Twitter accounts,” Beek and Samani added. “There is also evidence that private messaging history has been accessed from certain compromised accounts of prominent figures, along with other sensitive or confidential information such as private phone numbers and emails. If you receive a message, even from someone you know or trust, be aware that the message may not be from the person you know. It is potentially directing you to malicious content.”

(Visited 1 times, 1 visits today)

Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a senior fellow specializing in terrorism analysis at the Haym Salomon Center. She is a Senior Risk Analyst for Gate 15, a private investigator and a security consultant. She is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera and SiriusXM.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security