Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos
2024-01-08 20:38

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites.

Previously, Sea Turtle, also known as Teal Kurma and Cosmic Wolf, focused on the Middle Eastern region, as well as Sweden and the United States, using techniques like DNS hijacking and traffic redirection to perform man-in-the-middle attacks against government and non-government organizations, media, ISPs, and IT service providers.

The recent expansion to the Netherlands was observed by analysts at Hunt & Hackett, who report that Sea Turtle remains a threat group of moderate sophistication, primarily using known flaws and compromised accounts for initial access while failing to effectively hide traces of its activity.

Hunt & Hackett says it has observed Sea Turtle activity in the Netherlands between 2021 and 2023, with new techniques and malware being introduced recently.

"These cyberattacks are believed to be orchestrated by Sea Turtle operating in alignment with Turkish interests, signaling an escalation in Turkey's pursuit of objectives within the Netherlands," reads the report.

A new tool deployed in the recent Sea Turtle attacks is 'SnappyTCP,' an open-source reverse TCP shell for Linux that offers basic command and control capabilities.


News URL

https://www.bleepingcomputer.com/news/security/turkish-hackers-sea-turtle-expand-attacks-to-dutch-isps-telcos/