Ransomware: apt73 claims tkgm.gov.tr (TR) — Public Sector

On 22 May 2026, a ransomware group known as apt73 claimed responsibility for a cyberattack against tkgm.gov.tr, the official domain of Turkey’s General Directorate of Land Registry and Cadastre. The claim was published on the ransomware.live data leak site, indicating that sensitive public sector data may have been compromised. This incident falls under the BREACH framework, which typically signals unauthorized access and potential data exfiltration.

The primary affected organization is the Turkish public sector, specifically the land registry and cadastre authority. However, this event has broader implications for any EU entity that shares data with or relies on Turkish public records, such as real estate firms, legal services, and cross-border financial institutions. The attack also serves as a warning to all public sector bodies in the EU about the increasing targeting of government infrastructure by ransomware groups.

Compliance teams should immediately verify whether their organization has any data dependencies on tkgm.gov.tr or related Turkish systems. If so, they must assess potential exposure under GDPR Article 28 (data processor obligations) and Article 33 (breach notification). Teams should also review incident response plans for ransomware scenarios, ensure offline backups are current, and consider updating risk registers to reflect this threat vector. Proactive monitoring of the ransomware.live site for any leaked data is advisable.