The Prime Minister's office, the Ministry of Foreign Affairs, the National Intelligence Service (EYP) and the Hellenic Police (ELAS) were the targets of an international cyber espionage campaign in April 2019 code-named “Sea Turtle.”
According to verified sources, the unknown perpetrators were able to gain access to the internal networks of government agencies.
The attack was first detected by officials from the prime minister's cyber security team when an unusual email malfunction came to their attention. They immediately notified the Incident Response Team of the Foundation for Research and Technology – Hellas (FORTHcert) and the police cybercrime unit.
Technical teams from the two services and from the Maximos Mansion, which houses the Prime Minister's office, traveled on the same day from Athens to Iraklio on the island of Crete, where FORTH's Institute of Computer Science is located.
An official with knowledge of the events at that time, who spoke to Kathimerini on the condition of anonymity, said that from the very first moment their suspicions turned to Crete.
They reckoned that the malfunction was due to a cyberattack against the .gr and .el domain names registry, whose technical support is provided by FORTH. The investigation confirmed their suspicions, revealing an ongoing DNS hijacking attack.
A second official with immediate involvement in the events, who also asked not to be named, told Kathimerini that the offenders accessed the servers of the four crucial government agencies and services.
He said that, by sending a misleading message, the attackers first gained access to the computer of a FORTH employee and then to the internet namespace. They then managed to access the servers that handled the emails with extensions @primeminister.gr, @mfa.gr, @nis.gr and @astynomia.gr.
There are concerns that through this infiltration, the perpetrators read or copied the messages exchanged by the officials of the four government agencies.
Greek diplomats and police officers who were asked about it clarified to Kathimerini that no confidential information was being circulated through these specific emails.
In other cyberattack cases, there is usually either a claim of responsibility or the culprits make their presence known. In this case, however, the perpetrators tried to erase their tracks, which is why those involved in the investigation have attributed the incident to cyber spies.