Turkey-linked advanced persistent threat group Sea Turtle, also known as Teal Kurma, Cosmic Wolf, and Marbled Dust, has deployed island-hopping and supply chain attacks against the Netherlands' telecommunications firms, internet service providers, IT service providers, and media organizations, as well as Kurdish websites, as part of its cyberespionage operations, according to Security Affairs.
Aside from using the SnappyTCP reverse TCP shell in a bid to breach Linux and Unix systems, the attackers also targeted cPanel accounts and leveraged SSH to facilitate initial system compromise and eventually exfiltrate personal data to perform surveillance on possible political dissidents and minorities, a report from Hunt & Hackett showed.
"This appears to be consistent with claims from U.S. officials in 2020 about hacker groups acting in Turkey's interest, focusing on the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey," researchers from Hunt & Hackett said.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.