Threat Intelligence, Critical Infrastructure Security

Dutch firms, sites targeted by Sea Turtle cyberespionage campaign

Turkey-linked advanced persistent threat group Sea Turtle, also known as Teal Kurma, Cosmic Wolf, and Marbled Dust, has deployed island-hopping and supply chain attacks against the Netherlands' telecommunications firms, internet service providers, IT service providers, and media organizations, as well as Kurdish websites, as part of its cyberespionage operations, according to Security Affairs. Aside from using the SnappyTCP reverse TCP shell in a bid to breach Linux and Unix systems, attackers also targeted cPanel accounts and leveraged SSH to facilitate initial system compromise and eventually exfiltrate personal data for surveillance of possible political dissidents and minorities, a report from Hunt & Hackett showed. "This appears to be consistent with claims from U.S. officials in 2020 about hacker groups acting in Turkey's interest, focusing on the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey," researchers from Hunt & Hackett said.

