CyberSecurityBoard
Sponsor Register Login

Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service

To obtain access to a variety of clients' systems and data in a single attack, hackers frequently target IT service providers.
Cybersecurity security researchers at Hunt & Hackett recently discovered that the Turkish espionage APT group Sea Turtle has been actively exploiting the known vulnerabilities to attack IT service providers.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
Sea Turtle APT group has been active since 2017 and is known for DNS hijacking; it adapts to evade detection.
Evading detection, Microsoft exposed SILICON in Oct 2021, aligning with Turkish interests.
For sensitive data, Sea Turtle targets the following areas:-.
Successful attacks aid surveillance and intelligence gathering.
Sea Turtle intercepts internet traffic using reverse shell for data extraction.
Researchers tracked the Sea Turtle's campaigns also in the Netherlands and discovered that they are primarily focused on the following two key things for Turkish interests:-.
Recent campaigns in the Netherlands target the following:-.
Sea Turtle employs supply chain attacks to collect politically motivated information.
Stolen data is likely used for surveillance or intelligence on specific groups.
In early 2023, Hunt & Hackett identified Sea Turtle's latest campaigns targeting multiple organizations.
In one attack, experts identified that the threat actor compromised a cPanel account and used a VPN for access.
They created a WebMail session and performed SSH logons from a hosting provider's IP. Source code files for a 'C' programming language reverse shell were downloaded and compiled from a known Sea Turtle GitHub repository.
The PwC independently linked this to Sea Turtle using the SnappyTCP reverse shell, and here, the SnappyTCP was downloaded from a Sea Turtle server.
The actor established a command-and-control channel, employed anti-forensic measures, and reconnected to the compromised cPanel account.
If specific conditions are met, the SnappyTCP malware does the following things:-.
Here below, we have mentioned all the recommendations provided by the cybersecurity analysts:-.
Try Kelltron's cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.


This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 10 Jan 2024 07:35:15 +0000


Cyber News related to Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service

Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service - To obtain access to a variety of clients' systems and data in a single attack, hackers frequently target IT service providers. Cybersecurity security researchers at Hunt & Hackett recently discovered that the Turkish espionage APT group Sea Turtle ...
9 months ago Cybersecuritynews.com
Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms - Sea Turtle, a group of hackers aligned with the Turkish government, has returned after going undetected since 2020. Dutch cybersecurity provider, Hunt & Hackett, reported on January 5, 2024, that Sea Turtle has been conducting multiple espionage ...
9 months ago Infosecurity-magazine.com
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos - The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites. Previously, Sea Turtle, also known ...
9 months ago Bleepingcomputer.com
Turkish Cyberspies Targeting Netherlands - A state-supported cyberespionage group likely affiliated to Turkey has been observed targeting numerous public and private entities in the Netherlands for intelligence gathering, Dutch incident response provider Hunt & Hackett reports. Over the past ...
9 months ago Securityweek.com
Turkish APT 'Sea Turtle' Resurfaces to Spy on Kurdish Opposition - A group aligned with the interests of the government of Turkey has been turning up its politically motivated cyber espionage lately, targeting Kurdish opposition groups through high-value supply chain targets in Europe, the Middle East, and North ...
9 months ago Darkreading.com
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
11 months ago Techtarget.com
A Dream Come True: My Journey to Africa as a Sea Turtle Conservation Volunteer - I had this longtime dream of volunteering in Africa and working with sea turtles. This year, I had the chance to fulfill my dream because of this incredible company. Cisco incentivizes employees to give back - providing us with 80 hours of paid time ...
10 months ago Feedpress.me
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 month ago Securelist.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 month ago Securityaffairs.com
TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
11 months ago Gbhackers.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
4 months ago Securityaffairs.com
LockBit group falsely claimed the hack of the Federal Reserve - LockBit gang claimed responsibility for the attack on City of Wichita. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity ...
4 months ago Securityaffairs.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
1 year ago Securityweek.com
Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
10 months ago Helpnetsecurity.com
CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
2 years ago
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
10 months ago Securityboulevard.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
5 months ago Securityaffairs.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
8 months ago Techtarget.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
5 months ago Securityaffairs.com
Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs - Russia-sponsored advanced persistent threat group Turla is now targeting Polish NGOs in a cyberespionage campaign that uses a freshly developed backdoor with modular capabilities, signaling an expansion of the scope of its attacks against supporters ...
8 months ago Darkreading.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)