Despite being publicly exposed earlier this year, the actors behind the malicious Sea Turtle DNS hijacking campaign continue to unabashedly rack up new victims and have apparently added a new technique to their repertoire, a new report states.

The group made waves last April when researchers at Cisco's Talos unit reported that the attackers have been compromising internet and DNS service providers in order to reroute some of their clients' website visitors to a malicious man-in-the-middle server. This server, which spoofs the legitimate website or online service, secretly captures these visitors' website credentials so they can be harvested. Targeted customers have primarily consisted of Middle Eastern and North African government institutions, military units and energy organizations.

In a new report published yesterday, Talos revealed that the same group, from April 19 - 24, accessed the network of The Institute of Computer Science of the Foundation for Research and Technology - Hellas (ICS-Forth), the organization that oversees the ccTLD for Greece.
