Sea Turtle Strikes Again: Dutch IT Giants Targeted in Stealthy Cyber Espionage Campaign

Supply chain and island-hopping attacks are among the methods Sea Turtle uses to spy on private enterprises.

In a recent wave of cyber espionage, Dutch IT and telecom companies have been targeted by Sea Turtle, a Türkiye-nexus threat actor. The campaign targets telecommunication providers, media organisations, ISPs, IT-service providers and Kurdish websites, exploiting vulnerabilities in the targets' infrastructure to gain access.

Dutch security firm Hunt & Hackett revealed that Sea Turtle uses supply chain and island-hopping attacks (compromising a service provider in order to reach its customers) to collect politically sensitive information, in particular personal details of minority groups and possible political dissidents. The stolen data is likely intended for surveillance or intelligence gathering.

Sea Turtle, also tracked as Cosmic Wolf, Marbled Dust, Teal Kurma and UNC1326, was first publicly documented by Cisco Talos in April 2019, which attributed the activity to a state-sponsored actor. The group has been active since at least January 2017, using DNS hijacking to redirect victims' traffic to attacker-controlled servers and harvest credentials.

Microsoft flagged Sea Turtle in late 2021, highlighting its intelligence collection to serve Turkish interests from countries like Armenia, Cyprus, Greece, Iraq, and Syria. The group strategically targets telecom and IT companies, exploiting known vulnerabilities to establish a foothold.

PricewaterhouseCoopers (PwC) Threat Intelligence recently disclosed Sea Turtle's use of SnappyTCP, a simple reverse TCP shell for Linux and Unix systems. The reverse shell gives the operator command-and-control over the compromised host and is used to maintain persistence; some variants wrap the connection in OpenSSL so the channel is encrypted.

Hunt & Hackett's latest analysis underscores Sea Turtle's stealthy approach, with defence-evasion techniques used while harvesting email archives. In a 2023 attack, a compromised cPanel account served as the initial access point for deploying SnappyTCP. The threat actor then used the tool to create an archive of a mailbox and exfiltrate it; how the attackers obtained the cPanel credentials in the first place remains unknown.

To defend against such threats, organisations are urged to enforce robust password policies, implement two-factor authentication, monitor SSH traffic, and keep all systems and software up to date. These measures reduce the risk posed by Sea Turtle's espionage tactics, in particular the credential-based initial access seen in the 2023 attack. For further details, refer to Hunt & Hackett's full analysis.
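The monitoring advice above is easier to act on with a concrete check. A minimal reverse TCP shell of the kind PwC describes typically connects out and hands the socket to a shell as its stdin, stdout and stderr, so on Linux the shell process has /proc/&lt;pid&gt;/fd/0, 1 and 2 all resolving to the same `socket:[inode]`, and that inode maps to an ESTABLISHED entry in /proc/net/tcp. The script below is an added example written for this page, not code from Hunt & Hackett, PwC or the SnappyTCP tooling; the process table, command names and /proc/net/tcp text are constructed sample data (203.0.113.10 is a documentation address), and the live-host reader is only exercised when the script is run directly.

```python
"""Hunt for reverse-shell-style processes on a Linux host.

Heuristic: a process whose fds 0, 1 and 2 are all the same TCP socket has had
a network connection dup2()'d over its terminal, which is how a basic reverse
shell is wired up.  The socket inode is then matched against /proc/net/tcp to
recover the remote peer.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")
TCP_ESTABLISHED = "01"   # 'st' column value in /proc/net/tcp


@dataclass
class Finding:
    pid: int
    comm: str
    inode: int
    peer: Optional[str]   # "ip:port", or None if not an established IPv4 socket


def parse_proc_net_tcp(text: str) -> Dict[int, str]:
    """Map socket inode -> remote 'ip:port' for ESTABLISHED IPv4 sockets.

    /proc/net/tcp prints addresses as native-endian hex, so on x86 the bytes of
    the IP appear reversed (127.0.0.1 shows as 0100007F).
    """
    peers: Dict[int, str] = {}
    for line in text.splitlines()[1:]:          # skip header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_ESTABLISHED:
            continue
        rem_hex, port_hex = cols[2].split(":")
        ip = ".".join(str(int(rem_hex[i:i + 2], 16)) for i in (6, 4, 2, 0))
        peers[int(cols[9])] = f"{ip}:{int(port_hex, 16)}"
    return peers


def find_reverse_shells(fd_tables: Dict[int, Dict[int, str]],
                        comms: Dict[int, str],
                        net_tcp_text: str) -> List[Finding]:
    """fd_tables: {pid: {fd: readlink target}} as read from /proc/<pid>/fd.

    A process is flagged when fds 0, 1 and 2 all resolve to one socket inode.
    The peer is filled in when that inode is an established IPv4 socket; it is
    left as None otherwise (IPv6 or already-closed sockets still deserve a look).
    """
    peers = parse_proc_net_tcp(net_tcp_text)
    findings: List[Finding] = []
    for pid, fds in fd_tables.items():
        inodes = set()
        for fd in (0, 1, 2):
            m = SOCKET_RE.match(fds.get(fd, ""))
            if not m:
                break
            inodes.add(int(m.group(1)))
        else:
            if len(inodes) == 1:
                inode = inodes.pop()
                findings.append(Finding(pid, comms.get(pid, "?"), inode, peers.get(inode)))
    return findings


def collect_from_proc():
    """Read the same inputs from the live host (Linux); unreadable pids are skipped."""
    fd_tables, comms = {}, {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            fds = {int(fd): os.readlink(f"/proc/{pid}/fd/{fd}")
                   for fd in os.listdir(f"/proc/{pid}/fd")}
            with open(f"/proc/{pid}/comm") as fh:
                comms[pid] = fh.read().strip()
        except OSError:          # process exited or not ours (run as root for full view)
            continue
        fd_tables[pid] = fds
    with open("/proc/net/tcp") as fh:
        return fd_tables, comms, fh.read()


# --- constructed sample data (not from a real incident) ---------------------
SAMPLE_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B3A2 0A7100CB:115C 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:A001 0F02000A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_FD_TABLES = {
    4242: {0: "socket:[22222]", 1: "socket:[22222]", 2: "socket:[22222]", 3: "/dev/null"},  # shell on socket
    1337: {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"},                             # normal terminal
    900:  {0: "socket:[33333]", 1: "/dev/null", 2: "/dev/null"},                            # only stdin is a socket
    777:  {0: "socket:[44444]", 1: "socket:[44444]", 2: "socket:[44444]"},                  # socket not in IPv4 table
}
SAMPLE_COMMS = {4242: "sh", 1337: "bash", 900: "sshd", 777: "nc"}

if __name__ == "__main__":
    for f in find_reverse_shells(*collect_from_proc()):
        print(f"pid={f.pid} comm={f.comm} inode={f.inode} peer={f.peer}")
```

Against the sample data the check flags pid 4242 (a shell whose stdio is an established connection to 203.0.113.10:4444) and pid 777 (stdio on a socket the IPv4 table cannot resolve), and ignores the interactive bash and the sshd worker. One caveat: a TLS-wrapped variant that pipes the shell's stdio through a separate OpenSSL process will show pipes, not sockets, on the shell itself; in that case look for the parent process holding the socket and correlate its outbound connection with the child's pipes.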

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.