Political dissidents from Europe were victims of a Turkish spy turtle

Brother

A good example of how politics affects cyberspace activities.

A new cyber-espionage campaign is underway in the Netherlands, targeting telecommunications companies, Internet service providers, IT services and Kurdish websites. A group called Sea Turtle, which is linked to Turkey, is behind the attacks. This was reported by the Dutch information security company Hunt&Hackett.

According to the firm's analysis, the targets' infrastructure is susceptible to supply-chain attacks and "island-hopping" tactics. The attacks collected information related to politics, including personal data about minorities and potential political dissidents. The stolen data is likely to be used for surveillance or intelligence gathering on specific groups or individuals.

The Sea Turtle cluster (also known as Cosmic Wolf, Marbled Dust (formerly Silicon), Teal Kurma, and UNC1326) was first documented by Cisco Talos in April 2019. The report described government-sponsored attacks targeting public and private organizations in the Middle East and North Africa. The Sea Turtle group's activities began in January 2017 and mainly involved DNS hijacking to redirect victims to malicious servers in order to steal user credentials.

At the end of 2021, Microsoft indicated that Sea Turtle collects intelligence relevant to Turkey's strategic interests in countries such as Armenia, Cyprus, Greece, Iraq and Syria, attacking telecommunications and IT companies in order to gain a foothold on the path to the desired goal by exploiting known vulnerabilities. In December 2023, it was revealed that the group was using a simple reverse TCP wrapper for Linux (and Unix) systems called SnappyTCP in attacks conducted between 2021 and 2023.

The latest Hunt & Hackett data shows that Sea Turtle continues to be a secretive group engaged in espionage, using evasive techniques to operate undetected and collect email archives.

One of the attacks in 2023 involved using a compromised but legitimate cPanel account as the initial access point to deploy SnappyTCP on the system. It is not yet known how the attackers obtained the cPanel credentials. Using SnappyTCP, the attacker sent commands to the system to create a copy of the email archive, packaged with the tar tool, in the site's public web directory. It is highly likely that the attacker then obtained the email archive by downloading the file directly from the web directory, experts say.

To mitigate the risks associated with such attacks, organizations are encouraged to implement strong password policies, two-factor authentication, limit the number of login attempts to reduce the likelihood of brute-forcing passwords, monitor SSH traffic, and update all systems and software.
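As an added example (not from the article, Hunt & Hackett, or the poster), a small Python check over web server access logs in Combined Log Format for the staging pattern described above: a large archive file served successfully out of the public web directory. The log lines, IP addresses, file names and the archive-extension list are constructed assumptions.

```python
import re
from collections import namedtuple

# Combined Log Format (Apache/nginx default), as typically written on cPanel-hosted sites.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Archive-like extensions worth flagging in a public web directory (assumed list, extend as needed).
ARCHIVE_RE = re.compile(r'\.(tar|tar\.gz|tgz|tar\.bz2|zip|7z|mbox)$', re.IGNORECASE)

Hit = namedtuple("Hit", "ip timestamp path size")

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], m["ts"], m["method"], m["path"], int(m["status"]), size

def find_archive_downloads(lines, min_bytes=1_000_000):
    """Return successful GETs of archive-like files whose response body is at least min_bytes."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status, size = parsed
        clean = path.split("?", 1)[0]  # drop any query string before checking the extension
        if method == "GET" and status == 200 and size >= min_bytes and ARCHIVE_RE.search(clean):
            hits.append(Hit(ip, ts, clean, size))
    return hits

# Constructed sample log (not real traffic): one staged mail archive download among ordinary requests.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:03:12:44 +0000] "GET /index.html HTTP/1.1" 200 5123',
    '203.0.113.5 - - [10/Jan/2024:03:12:45 +0000] "GET /images/logo.png HTTP/1.1" 200 8841',
    '198.51.100.7 - - [10/Jan/2024:03:40:02 +0000] "GET /mail-backup.tar HTTP/1.1" 200 734003200',
    '198.51.100.7 - - [10/Jan/2024:03:41:10 +0000] "GET /mail-backup.tar HTTP/1.1" 404 210',
    '192.0.2.9 - - [10/Jan/2024:04:00:00 +0000] "GET /downloads/brochure.zip HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_archive_downloads(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.ip} fetched {hit.path} ({hit.size} bytes)")
```

Pair the log check with a periodic listing of archive files under the site's document root, since a staged archive that has not yet been downloaded produces no access-log entry.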