CyberSecurityBoard
Sponsor Register Login

Turkish Cyberspies Targeting Netherlands

A state-supported cyberespionage group likely affiliated to Turkey has been observed targeting numerous public and private entities in the Netherlands for intelligence gathering, Dutch incident response provider Hunt & Hackett reports.
Over the past year, the advanced persistent threat actor, tracked as Sea Turtle, Cosmic Wolf, Marbled Dust, Silicon, and Teal Kurma, targeted government, telecommunications, media, and NGO entities, along with ISPs and IT services providers in the country, as part of multiple espionage campaigns.
Sea Turtle, Hunt & Hackett says, mainly focused on telecoms, media, ISP, and IT services organizations, and targeted Kurdish websites, including some that are PKK affiliated.
The APT likely used the stolen information for surveillance or intelligence gathering, in line with previously detailed tactics observed in Sea Turtle attacks against organizations in Europe, Middle East, and North Africa.
Sea Turtle was initially detailed in 2019, when it stood out for its use of complex DNS hijacking techniques.
At that time security researchers did not align it with the interests of a government, albeit they did assess the group as being state-sponsored.
The group faded following public disclosure, but made it into the spotlight again a month ago, when PwC published an analysis of 'SnappyTCP', a reverse shell for Linux/Unix systems that the group had been using since 2021.
Since at least 2017, the APT has been exploiting known vulnerabilities for initial access, and is believed to have continued doing so over the past three years as well.
Following the initial intrusion, the group would run a shell script to drop an executable to the disk.
A simple reverse TCP shell for Linux, the webshell has basic command-and-control capabilities and likely allows the attackers to establish persistence.
The shell's code is identical to code found in a publicly accessible GitHub repository, which also hosts other samples used to establish reverse shells.
In late December, StrikeReady published its own analysis of Sea Turtle, providing indicators of compromise associated with the threat actor's activities.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 08 Jan 2024 15:13:04 +0000


Cyber News related to Turkish Cyberspies Targeting Netherlands

Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos - The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers, and Kurdish websites. Previously, Sea Turtle, also known ...
9 months ago Bleepingcomputer.com
Sea Turtle APT Group Exploiting Vulnerabilities Attack IT-service - To obtain access to a variety of clients' systems and data in a single attack, hackers frequently target IT service providers. Cybersecurity security researchers at Hunt & Hackett recently discovered that the Turkish espionage APT group Sea Turtle ...
9 months ago Cybersecuritynews.com
Turkish Cyberspies Targeting Netherlands - A state-supported cyberespionage group likely affiliated to Turkey has been observed targeting numerous public and private entities in the Netherlands for intelligence gathering, Dutch incident response provider Hunt & Hackett reports. Over the past ...
9 months ago Securityweek.com
Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms - Sea Turtle, a group of hackers aligned with the Turkish government, has returned after going undetected since 2020. Dutch cybersecurity provider, Hunt & Hackett, reported on January 5, 2024, that Sea Turtle has been conducting multiple espionage ...
9 months ago Infosecurity-magazine.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
9 months ago Darkreading.com
Netherlands reveals Chinese spies attacked its defense dept The Register - Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense, blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and ...
9 months ago Go.theregister.com
Turkish APT 'Sea Turtle' Resurfaces to Spy on Kurdish Opposition - A group aligned with the interests of the government of Turkey has been turning up its politically motivated cyber espionage lately, targeting Kurdish opposition groups through high-value supply chain targets in Europe, the Middle East, and North ...
9 months ago Darkreading.com
Ten new Android banking trojans targeted 985 bank apps in 2023 - This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. Banking trojans are malware that targets people's online bank ...
10 months ago Bleepingcomputer.com
Android malware Grandoreiro returns after police disruption - In January 2024, an international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank announced the disruption of the malware operation, which had been targeting Spanish-speaking countries since 2017 and caused $120 ...
5 months ago Bleepingcomputer.com
Banking malware Grandoreiro returns after police disruption - In January 2024, an international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank announced the disruption of the malware operation, which had been targeting Spanish-speaking countries since 2017 and caused $120 ...
5 months ago Bleepingcomputer.com
Iranian cyberspies target US defense orgs with new backdoor The Register - Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft. Hundreds of e-commerce sites compromised by card stealers. Cyber crooks compromised 443 online shops, using ...
10 months ago Go.theregister.com
Dutch, European Hospitals 'Hit by Pro-Russian Hackers' - Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries' support for Ukraine. The UMCG hospital in the northern Dutch city of ...
1 year ago Securityweek.com
Law Enforcement Accessed Exclus Protected Messaging System to Spy on Suspected Offenders - On Friday, the Dutch police announced that they had successfully taken down the Exclu encrypted communications platform after hacking into the service to monitor criminal organizations. This operation was the result of two separate investigations ...
1 year ago Bleepingcomputer.com
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com
Ragnar Locker ransomware developer arrested in France - Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. Authorities from France, the Czech Republic, Germany, Italy, Latvia, the ...
11 months ago Bleepingcomputer.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
9 months ago Bleepingcomputer.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
9 months ago Bleepingcomputer.com
FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies - The US government has neutralized another small office/home office router botnet being used by Russian cyberspies in malware campaigns. According to a notice from the Department of Justice, a court-authorized operation disrupted a network of hundreds ...
8 months ago Securityweek.com
Ransomware wiping out data on tape backups and malware hitting MYSQL Servers - Finland's National Cyber Security Centre has issued a warning concerning a new wave of cyber threats, with hackers now deploying ransomware on Network Attached Storage appliances and tape storage media, aiming to obliterate stored information. The ...
9 months ago Cybersecurity-insiders.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
9 months ago Bleepingcomputer.com
RUBYCARP hackers linked to 10-year-old cryptomining botnet - A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. According to a new report by Sysdig, RUBYCARP currently operates a ...
6 months ago Bleepingcomputer.com
CISA Releases Solution to Help Combat ESXiArgs Ransomware as Florida Institutions Suffer - The Cybersecurity and Infrastructure Security Agency (CISA) has released a script to help organizations affected by the ESXiArgs ransomware. This ransomware has caused disruption to many organizations around the world since last Friday. CISA has ...
1 year ago Therecord.media
Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware - A sophisticated attack campaign codenamed RE#TURGENCE by researchers has been discovered infiltrating Microsoft SQL database servers across the United States, European Union, and Latin America, with the primary aim of deploying Mimic ransomware ...
9 months ago Darkreading.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
8 months ago Bleepingcomputer.com
TeamViewer Hack Officially Attributed to Russian Cyberspies - TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company's systems. The remote connectivity software provider revealed last week that it had detected an intrusion on ...
4 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)