Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos
The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites.
Previously, Sea Turtle, also known as Teal Kurma and Cosmic Wolf, focused on the Middle Eastern region, as well as Sweden and the United States, using techniques like DNS hijacking and traffic redirection to perform man-in-the-middle attacks against government and non-government organizations, media, ISPs, and IT service providers.
The recent expansion to the Netherlands was observed by analysts at Hunt & Hackett, who report that Sea Turtle remains a threat group of moderate sophistication, primarily using known flaws and compromised accounts for initial access while failing to effectively hide traces of its activity.
Hunt & Hackett says it has observed Sea Turtle activity in the Netherlands between 2021 and 2023, with new techniques and malware being introduced recently.
"These cyberattacks are believed to be orchestrated by Sea Turtle operating in alignment with Turkish interests, signaling an escalation in Turkey's pursuit of objectives within the Netherlands," reads the report.
A new tool deployed in the recent Sea Turtle attacks is 'SnappyTCP,' an open-source reverse TCP shell for Linux that offers basic command and control capabilities.