Turkey’s President Recep Tayyip Erdogan. (Bloomberg)

By Aykan Erdemir and Annie Fixler

February 15, 2022

As Turkey’s Islamist President Recep Tayyip Erdogan signals his intention to mend ties with Israel, Iranian state-sponsored hackers have been targeting government and private-sector entities across Turkey, researchers at Cisco Talos Intelligence Group revealed in January. Iran’s latest cyber operation should be a wakeup call for Erdogan, who has a troubling history of aiding and abetting the Islamic Republic, including through his facilitation of Tehran’s sanctions-evasion schemes.

Cisco Talos, one of the world’s largest commercial intelligence teams, exposed that the hacker group MuddyWater masqueraded as the Turkish Health and Interior Ministries to trick targets into downloading malware. Last month, U.S. Cyber Command officially determined that MuddyWater is “a subordinate element within the Iranian Ministry of Intelligence and Security.” Iranian hackers targeted the Scientific and Technological Research Council of Turkey, among other organizations. The researchers at Cisco Talos did not assess the motivation behind the operation but noted that MuddyWater has previously conducted espionage, stolen intellectual property, and used ransomware and other destructive malware.

Although Erdogan has supported Tehran over the years by facilitating Iranian evasion of U.S. sanctions, Turkey has been a regular target of cyber espionage by various Iranian hackers dating back to 2014. MuddyWater alone has conducted numerous operations against Ankara over the past five years.

MuddyWater’s latest campaign coincides with Ankara’s ongoing attempts to normalize relations with Israel. This is consistent with the Iranian threat group’s operations against the United Arab Emirates and Kuwait following the Abraham Accords — a U.S.-brokered agreement normalizing relations between Israel and some of its Arab neighbors, including the United Arab Emirates. Tehran’s concerns about warming Turkish-Israeli ties is one possible explanation for Iran’s cutoff of natural gas to Turkey last month.

There are other reasons why MuddyWater’s bosses in Tehran may be desperate for the latest intelligence on Ankara’s deliberations. The two nations are at loggerheads in Syria and Iraq — the latest manifestation of their age-old competition for hegemony in the region. Earlier this month, Kataib Hezbollah, one of Tehran’s Iraqi proxies, warned that Turkish forces in Iraq must withdraw “before it’s too late,” providing just the latest evidence of rising tensions between Ankara and the Islamic Republic.

Against Iran’s persistent cyber threats, Israel could be a good partner for Ankara. Jerusalem remains Tehran’s top target and possesses some of the strongest cyber capabilities in the world. Other Middle Eastern states have already tapped into Israeli knowhow. Following the Abraham Accords, Reuters reported that Israeli and Emirati cyber security chiefs were sharing information about cyber threats to their nations.

Until now, Erdogan has been openly hostile toward Israel’s normalization with its neighbors. He joined Iran and Hamas in condemning the accords and even threatened to suspend diplomatic ties with Abu Dhabi. Turkey hosts “the terror command post of Hamas abroad,” stated then-Israeli Defense Minister Moshe Ya’alon in 2016. Ending Ankara’s support for Hamas terrorists, who have made Turkey their largest base outside of Gaza, would likely be a prerequisite for beginning to revive Turkey and Israel’s robust diplomatic, security, and intelligence cooperation that characterized the 1990s. A good first step, especially if Ankara is interested in cyber cooperation with Israel, would be to shutter Hamas’ once-secret headquarters in Istanbul — revealed in a 2020 Times report — for conducting cyberwarfare and counter-intelligence operations.

Despite Erdogan’s antisemitic and anti-Israel track record, Jerusalem appears cautiously open to improving relations. Haaretz quoted an Israeli diplomatic source as saying, “With Turkey we move forward with great caution. Very slowly. They are no great friends of Iran, to put it mildly, and we can’t afford to assume some mantle of purity that will prevent us from creating alliances.” Tehran’s hostile moves, including its latest cyber operation, offer the Turkish president an opportunity to correct course by prioritizing Turkey’s national interests instead of his misguided Islamist agenda, which Tehran has exploited skillfully to this day.

Foundation for Defense of Democracies

About Track Persia

Track Persia is a Platform run by dedicated analysts who spend much of their time researching the Middle East, in due process we fall upon many indications of growing expansionary ambitions on the part of Iran in the MENA region and the wider Islamic world. These ambitions commonly increase tensions and undermine stability.