Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service

To obtain access to a variety of clients' systems and data in a single attack, hackers frequently target IT service providers.
Cybersecurity security researchers at Hunt & Hackett recently discovered that the Turkish espionage APT group Sea Turtle has been actively exploiting the known vulnerabilities to attack IT service providers.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
Sea Turtle APT group has been active since 2017 and is known for DNS hijacking; it adapts to evade detection.
Evading detection, Microsoft exposed SILICON in Oct 2021, aligning with Turkish interests.
For sensitive data, Sea Turtle targets the following areas:-.
Successful attacks aid surveillance and intelligence gathering.
Sea Turtle intercepts internet traffic using reverse shell for data extraction.
Researchers tracked the Sea Turtle's campaigns also in the Netherlands and discovered that they are primarily focused on the following two key things for Turkish interests:-.
Recent campaigns in the Netherlands target the following:-.
Sea Turtle employs supply chain attacks to collect politically motivated information.
Stolen data is likely used for surveillance or intelligence on specific groups.
In early 2023, Hunt & Hackett identified Sea Turtle's latest campaigns targeting multiple organizations.
In one attack, experts identified that the threat actor compromised a cPanel account and used a VPN for access.
They created a WebMail session and performed SSH logons from a hosting provider's IP. Source code files for a 'C' programming language reverse shell were downloaded and compiled from a known Sea Turtle GitHub repository.
The PwC independently linked this to Sea Turtle using the SnappyTCP reverse shell, and here, the SnappyTCP was downloaded from a Sea Turtle server.
The actor established a command-and-control channel, employed anti-forensic measures, and reconnected to the compromised cPanel account.
If specific conditions are met, the SnappyTCP malware does the following things:-.
Here below, we have mentioned all the recommendations provided by the cybersecurity analysts:-.
Try Kelltron's cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 10 Jan 2024 07:35:15 +0000

Cyber News related to Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service

Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service - To obtain access to a variety of clients' systems and data in a single attack, hackers frequently target IT service providers. Cybersecurity security researchers at Hunt & Hackett recently discovered that the Turkish espionage APT group Sea Turtle ...
1 year ago Cybersecuritynews.com

Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms - Sea Turtle, a group of hackers aligned with the Turkish government, has returned after going undetected since 2020. Dutch cybersecurity provider, Hunt & Hackett, reported on January 5, 2024, that Sea Turtle has been conducting multiple espionage ...
1 year ago Infosecurity-magazine.com

Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos - The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites. Previously, Sea Turtle, also known ...
1 year ago Bleepingcomputer.com

Turkish Cyberspies Targeting Netherlands - A state-supported cyberespionage group likely affiliated to Turkey has been observed targeting numerous public and private entities in the Netherlands for intelligence gathering, Dutch incident response provider Hunt & Hackett reports. Over the past ...
1 year ago Securityweek.com

Turkish APT 'Sea Turtle' Resurfaces to Spy on Kurdish Opposition - A group aligned with the interests of the government of Turkey has been turning up its politically motivated cyber espionage lately, targeting Kurdish opposition groups through high-value supply chain targets in Europe, the Middle East, and North ...
1 year ago Darkreading.com

What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
1 year ago Techtarget.com Cozy Bear APT29

SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
1 month ago Cybersecuritynews.com

A Dream Come True: My Journey to Africa as a Sea Turtle Conservation Volunteer - I had this longtime dream of volunteering in Africa and working with sea turtles. This year, I had the chance to fulfill my dream because of this incredible company. Cisco incentivizes employees to give back - providing us with 80 hours of paid time ...
1 year ago Feedpress.me

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
11 months ago Securelist.com

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
11 months ago Securityaffairs.com Kimsuky

State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
1 year ago Gbhackers.com CVE-2023-23397 CVE-2023-38831 CVE-2023-32231

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2022-48895 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

LockBit group falsely claimed the hack of the Federal Reserve - LockBit gang claimed responsibility for the attack on City of Wichita. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT28 APT29 LockBit BianLian Siegedsec

Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
5 months ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa

Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
2 years ago Securityweek.com

Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT28 APT29 APT3 BianLian

security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
1 year ago Securityboulevard.com

Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com

CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
3 years ago

Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
1 year ago Helpnetsecurity.com CVE-2023-42793 Andariel

NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
1 year ago Techtarget.com Rocke 8base LockBit BianLian Medusa

APT Hackers Attacking Maritime and Shipping Industry to Launch Ransomware Attacks - The Turla/Tomiris group has particularly refined this approach, utilizing infected USB drives containing industrial espionage tools that eventually deploy ransomware across entire fleet management networks, effectively holding maritime operations ...
1 month ago Cybersecuritynews.com Mustang Panda CVE-2022-22707 APT41 Turla

NightEagle APT Attacking Industrial Systems by Exploiting 0-Days and With Adaptive Malware - The group has demonstrated exceptional capabilities in exploiting unknown Exchange vulnerabilities and deploying adaptive malware to steal sensitive intelligence from high-tech companies, chip semiconductor manufacturers, quantum technology firms, ...
2 months ago Cybersecuritynews.com