Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms

Sea Turtle, a group of hackers aligned with the Turkish government, has returned after going undetected since 2020.
Dutch cybersecurity provider Hunt & Hackett reported on January 5, 2024, that Sea Turtle has been conducting multiple espionage campaigns in the Netherlands.
The APT group has also targeted Kurdish websites, especially those affiliated with the Kurdistan Workers' Party.
Previously known to carry out DNS hijacking, Sea Turtle has deployed new approaches in recent campaigns.
During one of the 2023 operations, the group reportedly used a compromised account on cPanel, a web hosting control panel used by organizations worldwide, connecting from an IP address belonging to a VPN provider.
The cPanel account was then used to perform an SSH login from an IP address belonging to a hosting provider.
This gave Sea Turtle a foothold in the IT infrastructure of its target.
Next, Sea Turtle used the Unix shell Bash to execute malicious commands.
The hacking group used a reverse TCP shell for Linux/Unix operating systems named SnappyTCP, whose source code is available on GitHub, according to a December 2023 PwC report.
SnappyTCP can be used to steal data, install additional malware or launch other attacks.
Adminer is a publicly available database management tool that can be used to log on to the MySQL service of a system remotely.
Finally, the threat actor sent commands to the system using SnappyTCP to create a copy of an e-mail archive in the public web directory of the website that was accessible from the internet.
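As an added illustration of the intrusion chain described above (this is example detection code, not from the Hunt & Hackett or PwC reports), the following Python correlates constructed cPanel and sshd log lines to flag the pivot pattern, a cPanel login for an account from one address followed within an hour by an SSH login for the same account from a different address, and flags mail archives that have been placed under a public web root. The log formats, account names, IP addresses and the 60-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from any report); all timestamps are UTC.
CPANEL_LOG = """\
198.51.100.23 - acme [05/Jan/2024:09:12:01 +0000] "POST /login/?login_only=1 HTTP/1.1" 200 0
203.0.113.5 - shop [05/Jan/2024:09:13:30 +0000] "POST /login/?login_only=1 HTTP/1.1" 200 0
"""
SSH_LOG = """\
Jan  5 09:21:10 web01 sshd[4122]: Accepted password for acme from 192.0.2.9 port 51234 ssh2
Jan  5 09:30:02 web01 sshd[4190]: Accepted publickey for shop from 203.0.113.5 port 40211 ssh2
Jan  5 15:40:00 web01 sshd[4300]: Accepted password for acme from 192.0.2.9 port 40300 ssh2
"""
CPANEL_RE = re.compile(r'^(\S+) - (\S+) \[([^ \]]+) [^\]]*\] "POST /login')
SSH_RE = re.compile(r'^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
                    r'Accepted \w+ for (\S+) from (\S+)')
LOG_YEAR = 2024          # syslog lines carry no year; assumed for the sample
WINDOW = timedelta(minutes=60)

def parse_cpanel_logins(text):
    """Yield (time, user, ip) for each cPanel login POST."""
    for m in filter(None, map(CPANEL_RE.match, text.splitlines())):
        ip, user, ts = m.groups()
        yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), user, ip

def parse_ssh_logins(text):
    """Yield (time, user, ip) for each accepted sshd login."""
    for m in filter(None, map(SSH_RE.match, text.splitlines())):
        mon, day, clock, user, ip = m.groups()
        yield datetime.strptime(f"{LOG_YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S"), user, ip

def pivot_alerts(cpanel_text, ssh_text, window=WINDOW):
    """Flag an SSH login for an account that follows its cPanel login from a different IP."""
    ssh = list(parse_ssh_logins(ssh_text))
    alerts = []
    for ct, user, cip in parse_cpanel_logins(cpanel_text):
        for st, suser, sip in ssh:
            if suser == user and sip != cip and ct <= st <= ct + window:
                alerts.append({"user": user, "cpanel_ip": cip, "ssh_ip": sip,
                               "minutes_after_cpanel": int((st - ct).total_seconds() // 60)})
    return alerts

# Mail archive copied into a public web directory: the exposure step the report describes.
MAIL_ARCHIVE = re.compile(r'\.(mbox|eml|pst|tar\.gz|tgz|zip)$', re.I)

def exposed_mail_archives(paths):
    """Return paths that look like mail archives placed under a public web root."""
    return [p for p in paths if re.search(r'/(public_html|www|htdocs)/', p) and MAIL_ARCHIVE.search(p)]
```

On the sample data only the `acme` account trips the pivot rule (the `shop` SSH login comes from the same address as its cPanel login), and only the archive under `public_html` is flagged.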
Sea Turtle is an advanced persistent threat group allegedly tied to, or aligned with, the Turkish government.
In its initial report on the group, Cisco Talos detailed espionage attacks targeting public and private entities in the Middle East and North Africa.
The group's motivation is primarily the acquisition of economic and political intelligence through espionage and information theft targeting public and private entities.
The group became prominent between 2018 and 2020 when it conducted a series of DNS hijacking campaigns that intercepted traffic of government IT systems in Greece, Cyprus and Iraq.
Microsoft's Digital Defense Report 2021 noted that the threat actor carries out intelligence collection campaigns in countries like Armenia, Cyprus, Greece, Iraq and Syria.
A report published by PwC in early December 2023 introduced the group's use of SnappyTCP. Meanwhile, cloud-based security operations provider Strike Ready published a report relating to Sea Turtle on its own blog in late December 2023.
The firm focused on a specific Sea Turtle activity: spoofing Kurdish news sites, NGO sites and TV channels in the Arab world.
In its report, Hunt & Hackett shared a list of recommendations to help Sea Turtle's main targets reduce both their attack surface and their likelihood of becoming a victim.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 08 Jan 2024 14:05:19 +0000


