Turkish authorities detained 12 suspects in a coordinated operation across nine provinces targeting a cybercrime network accused of infiltrating public institutions’ digital systems and exploiting citizens’ personal data, officials said.
The operation, led by the National Intelligence Organization (MIT), was carried out in cooperation with the Cyber Security Directorate, the Gendarmerie General Command and the Financial Crimes Investigation Board (MASAK), following a joint investigation into the group’s activities.
Raids were conducted early in the morning in Istanbul, Konya, Gaziantep, Şanlıurfa, Manisa, Mardin, Batman, Çanakkale and Hakkari, centered on the capital Ankara, where prosecutors are overseeing the case. Authorities said the suspects were apprehended in simultaneous operations targeting what they described as an organized cybercrime structure.
According to security sources, the network had been under surveillance by MIT as part of an intelligence-led probe into attempts to gain unauthorized access to government information systems.
Investigators found that the group used malicious software to target login credentials of public sector employees, enabling them to infiltrate systems and carry out transactions through compromised accounts.
The stolen data was allegedly distributed through a multilayered network and sold for profit under a “franchise-like” model to third parties. Officials said the information was marketed to various criminal actors, including fraud networks and, in some cases, groups linked to terrorism-related activities.
During the operation, authorities seized numerous domestic and foreign-based servers, data storage systems and digital materials believed to be connected to the network. Forensic examinations by the Cyber Security Directorate revealed that the suspects actively operated systems allowing unauthorized queries of personal data.
Investigators also identified multiple cryptocurrency wallets and digital financial assets linked to the group, which are now under examination as part of the financial dimension of the probe.
One key suspect, accused of building and managing the network’s technical infrastructure and operating under a code name to conceal his identity, was detained in the southeastern province of Mardin. Authorities allege he played a central role in expanding the network by facilitating data-sharing with various criminal entities.
Officials said the investigation remains ongoing and could expand as new evidence emerges, emphasizing that efforts to dismantle cybercrime networks will continue.
In 2025, MIT intensified efforts against cybercrime and illegal access to personal data. In coordination with the Gendarmerie General Command, the National Cyber Incident Response Center (USOM) and the Financial Crimes Investigation Board (MASAK), multiple operations were carried out across several provinces.
Throughout the year, more than 1,200 fraudulent websites linked to cyber fraud schemes were shut down.
