Security News > 2024 > January > Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites.
Previously, Sea Turtle, also known as Teal Kurma and Cosmic Wolf, focused on the Middle Eastern region, as well as Sweden and the United States, using techniques like DNS hijacking and traffic redirection to perform man-in-the-middle attacks against government and non-government organizations, media, ISPs, and IT service providers.
The recent expansion to the Netherlands was observed by analysts at Hunt & Hackett, who report that Sea Turtle remains a threat group of moderate sophistication, primarily using known flaws and compromised accounts for initial access while failing to hide their activity trace effectively.
Hunt & Hackett says it has observed Sea Turtle activity in the Netherlands between 2021 and 2023, with new techniques and malware being introduced recently.
"These cyberattacks are believed to be orchestrated by Sea Turtle operating in alignment with Turkish interests, signaling an escalation in Turkey's pursuit of objectives within the Netherlands," reads the report.
A new tool deployed in the recent Sea Turtle attacks is 'SnappyTCP,' an open-source reverse TCP shell for Linux that offers basic command and control capabilities.
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)