At a glance.
- Sea Turtle targets Dutch organizations.
- Suspected Iranian threat actor targets Albania with wiper.
- Ransomware attack against the Toronto Zoo.
- Ransomware gangs claim responsibility for attacks.
Sea Turtle targets Dutch organizations.
Researchers at Dutch cybersecurity firm Hunt & Hackett say a suspected Turkish state-sponsored group called “Sea Turtle” is targeting organizations in the Netherlands to conduct cyberespionage: “The campaigns observed in the Netherlands appear to focus on telecommunication, media, ISPs, and IT-service providers and more specifically Kurdish websites (among others PKK affiliated). The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group used to collect politically motivated information such as personal information on minority groups and potential political dissents. The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and/or individuals. This appears to be consistent with claims from US officials in 2020 about hacker groups acting in Turkey’s interest, focusing on the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey.”
Sea Turtle was discovered in 2019 by researchers at Cisco Talos, though they refrained from attributing it to any particular nation-state. The group is known for its DNS hijacking techniques.