Security News > 2024 > January > Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites.
Previously, Sea Turtle, also known as Teal Kurma and Cosmic Wolf, focused on the Middle Eastern region, as well as Sweden and the United States, using techniques like DNS hijacking and traffic redirection to perform man-in-the-middle attacks against government and non-government organizations, media, ISPs, and IT service providers.
The recent expansion to the Netherlands was observed by analysts at Hunt & Hackett, who report that Sea Turtle remains a threat group of moderate sophistication, primarily using known flaws and compromised accounts for initial access while failing to hide their activity trace effectively.
Hunt & Hackett says it has observed Sea Turtle activity in the Netherlands between 2021 and 2023, with new techniques and malware being introduced recently.
"These cyberattacks are believed to be orchestrated by Sea Turtle operating in alignment with Turkish interests, signaling an escalation in Turkey's pursuit of objectives within the Netherlands," reads the report.
A new tool deployed in the recent Sea Turtle attacks is 'SnappyTCP,' an open-source reverse TCP shell for Linux that offers basic command and control capabilities.
News URL
Related news
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)