In a statement on its Web site, the OpenSSL Project noted, “Initial investigations show that the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration. Steps have been taken to protect against this means of attack in future.”
“The source repositories have been checked and they were not affected,” the organization added. “Other than the modification to the index.html page (which was restored a few minutes after we became aware of the attack) no changes to the website had been made.”
According to Wikipedia, the group, whose name means Turkish Security, was founded in 2008 and includes between five and 10 members.