Sea Turtle cyberespionage campaign expands to Dutch ISPs

January 15, 2024

The newly reported Sea Turtle cyberespionage campaign currently targets telecommunication companies, media organisations, internet service providers (ISPs), information technology (IT) service providers, and Kurdish websites in the Netherlands. Sea Turtle is a Turkey-nexus threat actor that allegedly has been active since January 2017.

Based on reports, Sea Turtle compromised vulnerable infrastructure belonging to its targets and used supply chain and island-hopping attacks to reach them. The group specifically harvested politically sensitive information, focusing on the personal data of minority groups and potential political dissidents.

These hackers could have intentionally targeted these details for surveillance or intelligence gathering on specific individuals or groups, raising concerns about privacy and national security.


Sea Turtle became a well-known cyberespionage group after targeting the Middle East.


The Sea Turtle cyberespionage group first drew attention in April 2019, when researchers documented its state-sponsored attacks in the Middle East and North Africa. The group's primary tactic is DNS hijacking: it alters a target's DNS records so that traffic is redirected to an attacker-controlled server, which then harvests the victims' credentials.
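Because DNS hijacking changes records that legitimate resolvers will happily return, the defensive counterpart is to keep a signed-off baseline of the records an organisation expects for its own zones and to alert on any deviation, and to compare answers from several independent resolvers so that a redirection visible from only part of the internet still stands out. The script below is an added example written for this page, not code from the article or from any of the research it cites; the zone names, addresses and resolver labels are constructed placeholders, and the record sets are passed in as plain dictionaries so the check runs offline (in production they would come from your own zone file and from live queries).

```python
"""Detect DNS record hijacking by baseline comparison and cross-resolver agreement.

Added example, not from the original article. All record data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

RecordKey = Tuple[str, str]            # (owner name, record type), e.g. ("mail.example.net", "A")
RecordSet = Dict[RecordKey, Iterable[str]]


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: Tuple[str, ...]
    observed: Tuple[str, ...]
    severity: str


def normalise(values: Iterable[str]) -> Tuple[str, ...]:
    """Case-fold, strip trailing dots and sort, so ordering or case differences are not false alarms."""
    return tuple(sorted(v.strip().lower().rstrip(".") for v in values))


def compare_to_baseline(baseline: RecordSet, observed: RecordSet) -> List[Finding]:
    """Flag every (name, type) whose observed values differ from the signed-off baseline."""
    findings: List[Finding] = []
    for key, expected in baseline.items():
        exp, obs = normalise(expected), normalise(observed.get(key, ()))
        if exp != obs:
            # A changed NS or SOA redirects the whole zone, so rate it above a single host record.
            severity = "critical" if key[1] in ("NS", "SOA") else "high"
            findings.append(Finding(key[0], key[1], exp, obs, severity))
    # Records nobody signed off on (e.g. an unexpected TXT or CNAME) are also worth a look.
    for key, values in observed.items():
        if key not in baseline:
            findings.append(Finding(key[0], key[1], (), normalise(values), "medium"))
    return findings


def resolver_disagreements(answers_by_resolver: Dict[str, RecordSet]) -> Dict[RecordKey, Dict[str, Tuple[str, ...]]]:
    """Return the records for which independent resolvers gave different answers."""
    keys = set()
    for record_set in answers_by_resolver.values():
        keys.update(record_set)
    disagreements = {}
    for key in keys:
        per_resolver = {r: normalise(rs.get(key, ())) for r, rs in answers_by_resolver.items()}
        if len(set(per_resolver.values())) > 1:
            disagreements[key] = per_resolver
    return disagreements


# Constructed sample data (placeholder zone and RFC 5737 documentation addresses).
BASELINE: RecordSet = {
    ("example.net", "NS"): ["ns1.example.net.", "ns2.example.net."],
    ("mail.example.net", "A"): ["198.51.100.10"],
    ("example.net", "MX"): ["10 mail.example.net."],
}
OBSERVED: RecordSet = {
    ("example.net", "NS"): ["ns2.example.net", "NS1.example.net"],        # same set, different order/case
    ("mail.example.net", "A"): ["203.0.113.77"],                           # changed: mail host redirected
    ("example.net", "MX"): ["10 mail.example.net"],
    ("example.net", "TXT"): ["v=spf1 include:_spf.example.org -all"],      # no baseline entry
}
RESOLVER_ANSWERS: Dict[str, RecordSet] = {
    "resolver-a": {("mail.example.net", "A"): ["198.51.100.10"], ("example.net", "NS"): ["ns1.example.net", "ns2.example.net"]},
    "resolver-b": {("mail.example.net", "A"): ["203.0.113.77"], ("example.net", "NS"): ["ns1.example.net", "ns2.example.net"]},
}


if __name__ == "__main__":
    for f in compare_to_baseline(BASELINE, OBSERVED):
        print(f"[{f.severity}] {f.name} {f.rtype}: expected {f.expected or '-'} observed {f.observed or '-'}")
    for key, answers in resolver_disagreements(RESOLVER_ANSWERS).items():
        print(f"[resolver split] {key[0]} {key[1]}: {answers}")
```

Run as a scheduled job against the organisation's own zones, the baseline check catches the registrar- or registry-level record changes that reports attribute to this group, while the resolver comparison catches a redirection that only some paths on the internet see; either finding should trigger a registrar lock and certificate review, since a redirected mail or login host is exactly what the credential-harvesting stage relies on.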

In addition, a separate research study in 2021 described Sea Turtle's intelligence collection as aligned with strategic Turkish interests. The group targeted countries such as Armenia, Cyprus, Greece, Iraq, and Syria, focusing on telecom and IT companies and exploiting known vulnerabilities to establish persistence on its chosen targets.

However, recent revelations exposed Sea Turtle's use of a simple reverse TCP shell called SnappyTCP to compromise Linux and Unix systems. With basic command-and-control capabilities, this shell gives its operators a foothold on the targeted devices. It has at least two main variants: one uses OpenSSL to establish a TLS-encrypted connection, the other transmits its requests in cleartext.

These latest findings show Sea Turtle's continuous evolution as a stealthy, espionage-focused threat actor. The group employs defence evasion techniques to remain undetected while harvesting email archives.

This poses a severe threat, and it implies that organisations should adopt stronger cybersecurity measures and international cooperation to counter the evolution of state-sponsored cyber espionage groups.

Therefore, the Dutch IT and telecom sectors must bolster their defences to safeguard sensitive information and protect the integrity of their networks against the notorious Sea Turtle group.
