Ransomware victim disclosure
← All victimstkgm.gov.tr
Claimed by Apt73 · listed 2 months ago
Status timeline
- ListedMay 22, 2026
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Türkiye
- Sector
- Public Sector
- Listed on leak site
- May 22, 2026
About the victim
AI dossier — public-source company profileTKGM (Tapu ve Kadastro Genel Müdürlüğü) is Turkey's General Directorate of Land Registry and Cadastre, a critical government agency responsible for maintaining property records, land registry services, and cadastral information for all of Turkey. It operates nationwide with multiple regional offices and manages records covering 59+ million parcels and 57+ million property owners.
- Industry
- Government - Land Registry & Cadastre
- Address
- Ankara, Turkey
Attack summary
Severity: critical — Confirmed exfiltration of a critical government agency managing national property/cadastral records affecting millions of citizens. Exposure of comprehensive land registry and ownership data represents a severe national security and privacy breach affecting an entire nation's property system.APT73 claims to have breached TKGM and exfiltrated data from this Turkish government land registry agency. The group has published data; no ransom demand is stated, though the data has been disclosed.
Data the group says was taken
AI dossier — extracted from the leak post- Property records
- Land registry data
- Cadastral information
- Parcel ownership records
- Government employee records
- Transaction data
What the group claims
TKGM (Tapu ve Kadastro Genel Müdürlüğü) is a government agency from Turkey, the General Dire...
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

