Back in 2013 the Turkish CA (TURKTRUST) enabled phishers to spoof Google. Given the current situation, finding someone who tries to mess up the certificates should not be a surprise.
Some time ago Wikipedia has been banned in Turkey because the government didn't like a couple of pages about its involvement in the Syria civil war. (I don't have references handy but you can find easily with Google)
In the past couple of weeks I noticed the a number of ISPs (for sure Turkcell for mobile and Türk Telekom for land lines) started injecting a wrong certificate, I guess to MITM the communication.
The certificate is of course wrong (it is both untrusted and the domain name is wrong) so the browser will notice this and block the access, but I'm surprised that I haven't seen any discussion about this online
Nobody would burn a CA just so they can inject some ads into Google. They'll be able to do it for 24hrs max before somebody notices (less if it's a google site, because chrome reports rogue certificates to google)
> https://security.googleblog.com/2013/01/enhancing-digital-ce...
> https://www.wired.com/2013/01/google-fraudulent-certificate/